[Acl-Devel] NFS ACL support...

Andreas Gruenbacher ag at moses.parsec.at
Wed Nov 15 22:03:10 GMT 2000 

On Wed, 15 Nov 2000, Dominik Kubla wrote:

> [Please pardon me for addressing three lists at once, but since it
>  somehow touches all bases, i thought it best. -dbk]
> 
> Ok folks, here we go...
> 
> I checked Solaris, Tru64, HP-UX, Irix, AIX and TrustedBSD to see how
> they do it. Here are the results:
> 
> 		Server				Client
> Solaris		nfsd				mount
> Tru64		proplistd			mount -o proplist
> HP-UX		------------- no ACL over NFS -------------------
> Irix		-------- only with Trusted Irix/B ---------------  (see OB1)
> AIX4		------------- no ACL over NFS -------------------  (correct?)
> TrustedBSD	------------- no ACL over NFS -------------------  (correct?)
> 
> Part of the SGI stuff is available as OB1 project (see http://oss.sgi.com/),
> the RPC definitions for SUN's NFS extension can be found on any Solaris
> system.
> 
> The Tru64 solution would fit the current EA/ACL scheme best, since it
> is not limited to "just" ACL.  However i couldn't get any info on it
> apart from the man pages.  No RPC template file, nothing.  But since
> both TrustedBSD and Linux use EA's to store ACL's (and FS-based CAP's)
> it would make sense to implement something like this.

There has been a discussion on extended attribute support on linux-fsdevel
recently. The API my patch implements is somewhat too limited for the
general case, so somebody will have to change the design, implementation,
documentation, etc. I'm not sure I'll have enough time for that soon.

NFSv4 seems to cover ACLs and extended attributes, but they don't use the
same interface. So I guess a long-term solution would be to work on NFSv4
support for Linux ACLs and EA's.

> The SUN solution has the benefit, that the RPC template file is available,
> together with some technical docs from Sun. OTOH it requires us to modify
> nfsd and would not allow us to handle generic EA's.

This looks like a good short-term solution to me.

> The OB1 stuff is interesting in so far that it addresse far more than
> just EA or ACL, it also has code for CAP, MAC and IL, but the code is
> taken from Trusted IRIX and not useable as-is.

Are you sure Irix (or OB1) implements CAP, MAC, IL over NFS?


Cheers,
Andreas.

------------------------------------------------------------------------
 Andreas Gruenbacher, a.gruenbacher at computer.org
 Contact information: http://www.bestbits.at/~ag/

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list