[NFS] Re: [Acl-Devel] NFS ACL support...

[Spencer Shepler]

On Thu, Andreas Gruenbacher wrote:
> On Thu, 16 Nov 2000, Dominik Kubla wrote:
> 
> > On Thu, Nov 16, 2000 at 10:08:14AM +0100, Andreas Gruenbacher wrote:
> > > 
> > > Note that NFSv2 can't support ACLs at all, as clients make access control
> > > decisions based on the file mode permission bits. NFSv3 works because it
> > > uses an RPC to check whether access is granted.
> > 
> > Sun definitely does ACL over NFSv2, also the docs state that the ACL layer
> > is "bypassed" (whatever that means) if a client does not request the
> > extension.
> 
> I don't know how they do it. Probably they do full ACL access control
> decisions on the client. The problem I see is that non-ACL-aware NFSv2
> clients do access control decisions based on the file mode permission
> bits, so the only way to make them work without breaking file security is
> to send them a stripped-down mode parameter. On the other hand, such a
> stripped-down mode parameter would be wrong for ACL aware clients.
> 

The client does use the ACL protocol to make decisions about file access.

However, it is the server's responsibility to apply any access
restrictions at the time a read/write is processed.  Just because the
client believes is has access rights doesn't mean the server should
believe the client.

Of course, if the client makes a decision to allow access when the
file is opened and later receives an error when an actual file read is
done, the application will observe behavior varying from what local
access would provide (i.e. EACCESS on read()).

-- 

- Spencer -


To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message