From owner-freebsd-hackers  Sun Dec 29 21:35:59 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 60B7C37B401
	for <freebsd-hackers@freebsd.org>; Sun, 29 Dec 2002 21:35:58 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D444C43EB2
	for <freebsd-hackers@freebsd.org>; Sun, 29 Dec 2002 21:35:57 -0800 (PST)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.6/8.12.5) with SMTP id gBU5Zw1Z094401;
	Mon, 30 Dec 2002 00:35:58 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Mon, 30 Dec 2002 00:35:58 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: joe mcguckin <joe@via.net>
Cc: freebsd-hackers@freebsd.org
Subject: Re: NFS & ACLS's ?
In-Reply-To: <BA32252B.1B1BF%joe@via.net>
Message-ID: <Pine.NEB.3.96L.1021229235134.80032B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


On Fri, 27 Dec 2002, joe mcguckin wrote:

> Are there any strange interactions between NFS and filesystems that are
> not UFS? E.g. UFS2? Does NFS support new features that these fs's may
> implement? 

NFS can represent many but not all of the services found in UFS1 and UFS2. 
Among things it doesn't support are the retrieval and manipulation of BSD
file user flags, system flags, extended attributes, and access control
lists (ACLs). However, NFSv3 does correctly handle enforcement with these
features because clients rely on the server to evaluate protections on
file system objects using an ACCESS RPC.  NFS2 evaluates protections on
the client (if I recall correctly) so may not behave properly.  There are
RPC extensions to NFSv3 to retrieve and manipulate ACLs on Solaris, IRIX,
et al, but we don't currently implement those extensions.  Likewise, NFSv4
supports ACL management, but we don't yet implement NFSv4.  It shouldn't
be too hard to dig up information on the NFSv3 ACL RPC extensions and
implement them on FreeBSD 5, since the semantics of our ACLs are highly
compatible with Solaris and IRIX.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message