[nfsv4] Files without ACLs?
I am wondering what the best strategy is for representing files on POSIX that
don't have an actual NFSv4 ACL, and access to which is only controlled by the
file mode permission bits. This is only relevant on a server that supports
ACLs on at least some files as indicated by the ACL4_SUPPORT_ALLOW_ACL and
ACL4_SUPPORT_DENY_ACL flags in the aclsupport attribute: in that case, the
mode attribute sufficiently describes the access permissions.

The two strategies I can imagine are to somehow indicate to the client that a
particular file "has no ACL", or to make up an ACL which represents the file
mode. This case is different from an empty (zero-entry) ACL, for which
RFC3530 defines that the result is undefined. (I interpret undefined as
either always denied or always allowed, rather than defined by the mask
attribute).

My interpretation of the definition of the GETATTR is that when the server
indicates ACL support it must return ACLs for all files, and it's illegal to
not include an ACL in the return value of GETATTR if the client requests the
ACL. Is this correct? In that case, we would definitely have to make up ACLs
from the mode attribute.

Thanks,
Andreas
--
Andreas Gruenbacher <agruen at suse.de>
Novell / SUSE Labs
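
One way to "make up an ACL which represents the file mode", as an added example that is not part of the original message or of any NFS server's code. The helper names (mode_to_acl, acl_allows), the reduction of rwx to the four data access bits, the omission of ACE flags, and the ordered first-match evaluation are assumptions of this sketch; the final DENY keeps the result from ever being the empty ACL the message describes as undefined.

```c
#include <stdint.h>
#include <string.h>
/* Constants as defined in RFC 3530. */
#define ACE4_ACCESS_ALLOWED_ACE_TYPE 0u
#define ACE4_ACCESS_DENIED_ACE_TYPE  1u
#define ACE4_READ_DATA   0x00000001u
#define ACE4_WRITE_DATA  0x00000002u
#define ACE4_APPEND_DATA 0x00000004u
#define ACE4_EXECUTE     0x00000020u
#define DATA_BITS (ACE4_READ_DATA | ACE4_WRITE_DATA | ACE4_APPEND_DATA | ACE4_EXECUTE)

struct ace { uint32_t type, mask; const char *who; };  /* simplified nfsace4, no flag field */

/* Assumed mapping of one rwx triplet (0..7) to access mask bits; data bits only. */
static uint32_t rwx_to_mask(unsigned rwx) {
    return ((rwx & 4) ? ACE4_READ_DATA : 0) | ((rwx & 1) ? ACE4_EXECUTE : 0) |
           ((rwx & 2) ? ACE4_WRITE_DATA | ACE4_APPEND_DATA : 0);
}

/* Append an ACE unless its mask is empty; returns the new count. */
static int push(struct ace *a, int n, uint32_t type, uint32_t mask, const char *who) {
    if (mask) { a[n].type = type; a[n].mask = mask; a[n].who = who; n++; }
    return n;
}

/* Hypothetical helper: fill out[] (at most 6 ACEs) with an ACL equivalent to mode. */
int mode_to_acl(unsigned mode, struct ace out[6]) {
    uint32_t o = rwx_to_mask(mode >> 6 & 7), g = rwx_to_mask(mode >> 3 & 7), e = rwx_to_mask(mode & 7);
    int n = 0;
    /* DENY entries stop a more specific class from picking up bits granted further down. */
    n = push(out, n, ACE4_ACCESS_DENIED_ACE_TYPE, (g | e) & ~o, "OWNER@");
    n = push(out, n, ACE4_ACCESS_ALLOWED_ACE_TYPE, o, "OWNER@");
    n = push(out, n, ACE4_ACCESS_DENIED_ACE_TYPE, e & ~g, "GROUP@");
    n = push(out, n, ACE4_ACCESS_ALLOWED_ACE_TYPE, g, "GROUP@");
    n = push(out, n, ACE4_ACCESS_ALLOWED_ACE_TYPE, e, "EVERYONE@");
    /* Explicit final DENY: the result is never the empty ACL, even for mode 0000. */
    return push(out, n, ACE4_ACCESS_DENIED_ACE_TYPE, DATA_BITS & ~e, "EVERYONE@");
}

/* Ordered evaluation: each wanted bit is decided by the first applicable ACE naming it. */
int acl_allows(const struct ace *a, int n, int is_owner, int in_group, uint32_t want) {
    for (int i = 0; i < n && want; i++) {
        int hit = !strcmp(a[i].who, "EVERYONE@") || (is_owner && !strcmp(a[i].who, "OWNER@")) ||
                  (in_group && !strcmp(a[i].who, "GROUP@"));
        if (!hit) continue;                 /* ACE does not apply to this requester */
        if (a[i].type == ACE4_ACCESS_DENIED_ACE_TYPE && (a[i].mask & want)) return 0;
        if (a[i].type == ACE4_ACCESS_ALLOWED_ACE_TYPE) want &= ~a[i].mask;
    }
    return want == 0;                       /* bits still undecided at the end are refused */
}
```

Under these assumptions mode 0640 yields three ACEs (ALLOW OWNER@, ALLOW GROUP@, DENY EVERYONE@), while a non-monotonic mode such as 0047 needs the DENY entries for OWNER@ and GROUP@ to match POSIX class semantics.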