[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH] Basic support for checking NFSv4 ACLs in Linux

From: Ondrej Valousek
Subject: RE: [PATCH] Basic support for checking NFSv4 ACLs in Linux
Date: Tue, 15 Nov 2022 09:17:18 +0000

> * If an ALLOW entry has any mask bits set that don't correspond to the UNIX 
> rwx permissions, we don't have a trivial ACL.
Do we really have to do this?
I mean from RFC8881:
" The server that supports both mode and ACL must take care to synchronize the 
MODE4_*USR, MODE4_*GRP, and MODE4_*OTH bits with the ACEs that have respective 
who fields of "OWNER@", "GROUP@", and "EVERYONE@". This way, the client can see 
if semantically equivalent access permissions exist whether the client asks for 
the owner, owner_group, and mode attributes or for just the ACL."

... I take it these 3 ACEs should always represent mode bits.

Or if you really wish I can shamelessly steal the AIX code there and put smth 
like this:
                                 | ACE4_WRITE_DATA | ACE4_ADD_FILE
                                 | ACE4_EXECUTE)) == 0)) return 1;


reply via email to

[Prev in Thread] Current Thread [Next in Thread]