[nfsv4] ACL interoperability testing
"J. Bruce Fields" <bfields@fieldses.org> Fri, 08 December 2006 22:32 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsoGP-0008OO-M6; Fri, 08 Dec 2006 17:32:17 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsoGO-0008OJ-38 for nfsv4@ietf.org; Fri, 08 Dec 2006 17:32:16 -0500
Received: from mail.fieldses.org ([66.93.2.214] helo=pickle.fieldses.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsoGK-0002Hr-Ma for nfsv4@ietf.org; Fri, 08 Dec 2006 17:32:16 -0500
Received: from bfields by pickle.fieldses.org with local (Exim 4.63) (envelope-from <bfields@fieldses.org>) id 1GsoGJ-0001gq-I6; Fri, 08 Dec 2006 17:32:11 -0500
Date: Fri, 08 Dec 2006 17:32:11 -0500
To: nfsv4@ietf.org
Message-ID: <20061208223211.GD20240@fieldses.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.13 (2006-08-11)
From: "J. Bruce Fields" <bfields@fieldses.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Cc: richterd@citi.umich.edu
Subject: [nfsv4] ACL interoperability testing
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Errors-To: nfsv4-bounces@ietf.org
We'd like to do more ACL interoperability testing at connectathon, involving heterogeneous clients against a single server as well as just single clients and servers. A few random testing ideas follow; anybody have others? We're working on automating some of these, so might have more test scripts to share later on. But these tend to cover geeky little corner cases; if people have experience with applications or uses that are likely to be important or interesting, that might give us more useful results. Test ideas: - Set ACLs from a client, then attempt file operations, to determine how each server/client combination enforces ACL permissions; Jim Rees has some tests we could use: http://www.citi.umich.edu/projects/asci/icsi-alpha/acl-test-20060929.tar.gz - Set each of the following on one client, retrieve it from the same client, record any errors, and compare any succesful results: ACL with OWNER@, GROUP@, and EVERYONE@ aces only ACL with the above and a named user and a named group ACL with the above and with a named user and group that happen to be the same as the file's owner and/or group ACL with named users and groups but no OWNER@, GROUP@, or EVERYONE@ ACL with denies, all of them at the start of the ACL ACL with denies interleaved with allows zero-length ACL - Repeat the above with two different client implementations, setting ACLs on one and querying on the other. - Set every possible mode bit and query the resulting ACL; set the above set of ACLs and query the resulting mode bits. - Repeat the above with different clients setting and querying the mode and ACL. - Set ACLs on directories with every possible combination of inheritance bits, query the result, create a subfile, query its ACL. - Set and query modes with the suid, sgid, and svtx bits. - Repeat the above, but also set an acl and check whether those high-order mode bits are retained. --b. _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] ACL interoperability testing J. Bruce Fields
- Re: [nfsv4] ACL interoperability testing Jim Rees