[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

To: Sam Falkner <Sam.Falkner at Sun.COM>
Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
From: "J. Bruce Fields" <bfields at fieldses.org>
Date: Wed, 26 Jul 2006 09:00:44 -0400
Cc: Lisa Week <Lisa.Week at Sun.COM>, nfsv4 at ietf.org, nfs at lists.sourceforge.net, "Noveck, Dave" <Dave.Noveck at netapp.com>, Spencer Shepler <spencer.shepler at Sun.COM>, "Pawlowski, Brian" <beepy at netapp.com>, Andreas Gruenbacher <agruen at suse.de>
In-reply-to: <4654D18B-57AD-4779-80A6-BFD2FCEC4A69@Sun.COM>
List-archive: <http://www1.ietf.org/pipermail/nfsv4>
List-help: <mailto:nfsv4-request@ietf.org?subject=help>
List-id: NFSv4 Working Group <nfsv4.ietf.org>
List-post: <mailto:nfsv4@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
References: <C98692FD98048C41885E0B0FACD9DFB8023DF6B9@exnane01.hq.netapp.com> <200607250232.37603.a.gruenbacher@computer.org> <04075B08-F57D-4842-A7B2-9467DF9A39A2@Sun.COM> <200607252215.16735.agruen@suse.de> <4654D18B-57AD-4779-80A6-BFD2FCEC4A69@Sun.COM>
User-agent: Mutt/1.5.11+cvs20060403

On Tue, Jul 25, 2006 at 10:59:25PM -0600, Sam Falkner wrote:
> On Jul 25, 2006, at 2:15 PM, Andreas Gruenbacher wrote:
> >Maybe nobody explained to users how to properly use ACLs to prevent
> >this from happening? The behavior of Solaris chmod(1) is a potential
> >security  hole, although a small one only.
> 
> I remind you that in NFSv4, ACL is not a required attribute.

That's really a statement about servers, not clients, so I'm not
convinced it's relevant here.

It's true that servers are not required to support optional attributes.
But obviously clients may be required to do so if, for example, they
want full control over file permissions.

The chmod-modifies-group-bits scheme only removes one of the more
visible consequences of this fact.

--b.

_______________________________________________
nfsv4 mailing list
nfsv4 at ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

References:
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
  - From: Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
  - From: Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
  - From: Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
  - From: Sam Falkner

Prev by Date: [nfsv4] Files without ACLs?
Next by Date: Re: [nfsv4] Files without ACLs?
Previous by thread: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Next by thread: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Index(es):
- Date
- Thread