Re: [nfsv4] nfsv4.1 acl: Remove operation and ACE4_ADD_SUBDIRECTORY
On Thursday, 15 October 2009 20:37:07 J. Bruce Fields wrote:
> On Thu, Oct 15, 2009 at 01:49:55PM +0530, Aneesh Kumar K.V wrote:
> > Hi,
> >
> > I am looking for a clarification with respect to the section below in the
> > nfsv4.1 RFC
> >
> > 6.2.1.3.2. ACE4_DELETE vs. ACE4_DELETE_CHILD
> >
> > The section states
> > "If the ACLs in question neither explicitly ALLOW nor DENY either of the
> > above, and if MODE4_SVTX is not set on the parent, then the server SHOULD
> > allow the removal if and only if ACE4_ADD_FILE is permitted. In the case
> > where MODE4_SVTX is set, the server may also require the remover to own
> > either the parent or the target, or may require the target to be
> > writable."
> >
> > I am wondering why we consider only ACE_ADD_FILE. Why not
> > ACE4_ADD_SUBDIRECTORY also?
>
> I agree, it would probably make more sense to say "if and only if
> ACE_ADD_FILE (or, for removal of directories, ACE_ADD_SUBDIRECTORY) is
> permitted." (And change "ACE4_ADD_FILE" to "ACE4_ADD_FILE and
> ACE4_ADD_SUBDIRECTORY" in the following paragraph.)
>
> The use of "SHOULD" as opposed to "MUST" here is intentional, and I
> think server implementers will need to use some judgement when fitting
> these recommendations to their OS's security model.
The code at http://www.suse.de/~agruen/nfs4acl/ doesn't implement the
ACE_ADD_{FILE,SUBDIRECTORY} and IIRC there was a reason for that -- but I
don't remember anymore. Greg, do you?
Thanks,
Andreas
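
The removal check discussed in this thread, written out as an added example; it is not code from the thread's participants or from the nfs4acl patches. Assumptions: the `struct ace`, `acl_check`, `may_remove` and `sticky_ok` names are hypothetical, the ACLs are pre-filtered to entries matching the requester, the explicit-ALLOW rule comes from the same RFC section rather than the quoted paragraph, and the directory case follows the wording proposed above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Mask bits and mode bit as defined in RFC 5661. */
#define ACE4_ADD_FILE          0x00000002u
#define ACE4_ADD_SUBDIRECTORY  0x00000004u
#define ACE4_DELETE_CHILD      0x00000040u
#define ACE4_DELETE            0x00010000u
#define MODE4_SVTX             0x200u

enum verdict { UNSPEC, ALLOWED, DENIED };

/* Hypothetical simplified ACE: only entries whose "who" already matches
 * the requester are passed in, so the principal is omitted here. */
struct ace { bool deny; uint32_t mask; };

/* First ACE that mentions the bit decides; none means the ACL is silent. */
static enum verdict acl_check(const struct ace *acl, size_t n, uint32_t bit)
{
    for (size_t i = 0; i < n; i++)
        if (acl[i].mask & bit)
            return acl[i].deny ? DENIED : ALLOWED;
    return UNSPEC;
}

/* Removal decision for one directory entry. sticky_ok is the server's own
 * MODE4_SVTX policy result (ownership or writability); requiring it is one
 * of the choices the RFC leaves to the implementation. */
bool may_remove(const struct ace *parent, size_t np, uint32_t parent_mode,
                const struct ace *target, size_t nt,
                bool target_is_dir, bool sticky_ok)
{
    enum verdict del = acl_check(target, nt, ACE4_DELETE);
    enum verdict delc = acl_check(parent, np, ACE4_DELETE_CHILD);

    if (del == ALLOWED || delc == ALLOWED)
        return true;   /* either explicit ALLOW suffices */
    if (del == DENIED || delc == DENIED)
        return false;  /* assumption: DENY without any ALLOW refuses */

    /* Both ACLs silent: fall back to the "write bit" analogue, using
     * ADD_SUBDIRECTORY for directories as proposed in this thread. */
    uint32_t add = target_is_dir ? ACE4_ADD_SUBDIRECTORY : ACE4_ADD_FILE;
    if (acl_check(parent, np, add) != ALLOWED)
        return false;
    return (parent_mode & MODE4_SVTX) ? sticky_ok : true;
}
```

With the RFC wording as published (ACE4_ADD_FILE only), the `target_is_dir` branch would collapse to ACE4_ADD_FILE, so a parent granting only ACE4_ADD_FILE would permit removing subdirectories it does not allow creating.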