[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [nfsv4] nfsv4.1 acl: Remove operation and ACE4_ADD_SUBDIRECTORY

To: "J. Bruce Fields" <bfields at fieldses.org>, nfsv4 at ietf.org
Subject: Re: [nfsv4] nfsv4.1 acl: Remove operation and ACE4_ADD_SUBDIRECTORY
From: Sam Falkner <Sam.Falkner at Sun.COM>
Date: Thu, 15 Oct 2009 15:00:32 -0600
Cc: Frank S Filz <ffilz at us.ibm.com>, Steven French <sfrench at us.ibm.com>, "Aneesh Kumar K.V" <aneesh.kumar at linux.vnet.ibm.com>, Andreas Gruenbacher <agruen at suse.de>
Delivered-to: nfsv4 at core3.amsl.com
In-reply-to: <20091015183707.GA11896 at fieldses.org>
List-archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-help: <mailto:nfsv4-request@ietf.org?subject=help>
List-id: NFSv4 Working Group <nfsv4.ietf.org>
List-post: <mailto:nfsv4@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
References: <20091015081955.GC29479 at skywalker.linux.vnet.ibm.com> <20091015183707.GA11896 at fieldses.org>
Sender: Sam.Falkner at Sun.COM

On Oct 15, 2009, at 12:37 PM, J. Bruce Fields wrote:

On Thu, Oct 15, 2009 at 01:49:55PM +0530, Aneesh Kumar K.V wrote:
Hi,
I am looking for a clarification with respect to below section innfsv4.1 RFC
6.2.1.3.2.  ACE4_DELETE vs. ACE4_DELETE_CHILD

The section states
"If the ACLs in question neither explicitly ALLOW nor DENY eitherof the above,and if MODE4_SVTX is not set on the parent, then the server SHOULDallow theremoval if and only if ACE4_ADD_FILE is permitted. In the casewhere MODE4_SVTXis set, the server may also require the remover to own either theparent or the
target, or may require the target to be writable."
I am wondering why we consider only ACE_ADD_FILE. Why notACE4_ADD_SUBDIRECTORY also ?
I agree, it would probably make more sense to say "if and only if
ACE_ADD_FILE (or, for removal of directories, ACE_ADD_SUBDIRECTORY) is
permitted." (And change "ACE4_ADD_FILE" to "ACE4_ADD_FILE and
ACE4_ADD_SUBDIRECTORY" in the following paragraph.)


I agree.  It was an oversight.

The use of "SHOULD" as opposed to "MUST" here is intentional, and I
think server implementers will need to use some judgement when fitting
these recommendations to their OS's security model.


I agree with this as well.

- Sam

References:
- [nfsv4] nfsv4.1 acl: Remove operation and ACE4_ADD_SUBDIRECTORY
  - From: Aneesh Kumar K.V
- Re: [nfsv4] nfsv4.1 acl: Remove operation and ACE4_ADD_SUBDIRECTORY
  - From: J. Bruce Fields

Prev by Date: [nfsv4] FedFS Meeting Minutes, 10/15/2009
Next by Date: Re: [nfsv4] Read delegations and LOCK operation
Previous by thread: Re: [nfsv4] nfsv4.1 acl: Remove operation and ACE4_ADD_SUBDIRECTORY
Next by thread: Re: [nfsv4] nfsv4.1 acl: Remove operation and ACE4_ADD_SUBDIRECTORY
Index(es):
- Date
- Thread