NFS ACLs?

Robert Watson rwatson at FreeBSD.org
Thu Jun 14 14:40:16 GMT 2001 

Hope you don't mind, I've CC'd the response to the TrustedBSD discussion
list, as others may have useful comments.

On Thu, 14 Jun 2001, James F. Hranicky wrote:

> A while back, I mentioned I'd like to try to work on NFS ACLs for
> FreeBSD...well, I no longer have illusions of having the time to muster
> the kernel juju for such a task, however, could you tell me if that's a
> planned feature at some point? 

Well, it's something I'd very much like to support, but haven't yet had
time to explore.  There are actually three aspects to this work, btw.

1) Verify that when ACLs are used on the NFS server with today's code, it
   behaves properly for remote clients (in particular, NFSv3, where
   there's an NFS3_ACCESS operation--I expect poor behavior on NFSv2). 

2) Explore the ways in which ACLs have been integrated using other NFSv2/3
   implementations, in particular, on IRIX and Solaris.  There is no
   standard RPC stuff for ACLs under v2 and v3, so they must have added
   custom RPCs, or created a new ACL RPC service in the style of the NFS
   lock manager stuff.  Possibly implement one of these.

3) Learn about how NFSv4 handles ACLs: my recollection is that it has its
   own ACL model that's not quite the same as everyone else's, but that
   there should be a decent mapping.  We don't have an NFSv4
   implementation at this point, but one is being done (I believe) for
   NetBSD or OpenBSD (slowly), for Solaris, and for Linux.  Making sure
   our ACL stuff works with whatever is to come here would be a good idea. 

Hope that's useful.  You may want to take a look at the NFS book from
Addison-Wesley, which is pretty decent, as well as at the SGI OSS stuff,
since they have a lot of ACL-related code in their sample OB1
implementation (oss.sgi.com, click "list of projects", then "ob1 sample B1
implementation").  Likewise, the NFSv3 and v4 RFC's would probably be good
reading (some are probably still drafts at this point).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list