Message-ID: <3E0FE815.653A4844@mindspring.com>
Date: Sun, 29 Dec 2002 22:30:45 -0800
From: Terry Lambert
To: Robert Watson
Cc: joe mcguckin, freebsd-hackers@freebsd.org
Subject: Re: NFS & ACLS's ?

Robert Watson wrote:
> On Fri, 27 Dec 2002, joe mcguckin wrote:
> > Are there any strange interactions between NFS and filesystems that are
> > not UFS? E.g. UFS2? Does NFS support new features that these fs's may
> > implement?
>
> NFS can represent many but not all of the services found in UFS1 and UFS2.
> Among things it doesn't support are the retrieval and manipulation of BSD
> file user flags, system flags, extended attributes, and access control
> lists (ACLs).
> However, NFSv3 does correctly handle enforcement with these
> features because clients rely on the server to evaluate protections on
> file system objects using an ACCESS RPC.

Participation in the enforcement protocol is, unfortunately,
voluntary, however. 8-(.

> NFS2 evaluates protections on
> the client (if I recall correctly) so may not behave properly.

s/may not/will not/

> There are
> RPC extensions to NFSv3 to retrieve and manipulate ACLs on Solaris, IRIX,
> et al, but we don't currently implement those extensions.

Last I tried, they were not implemented identically on the
various platforms, so I scrapped the idea as being bogus.
Without a standard, code is useless.

> Likewise, NFSv4
> supports ACL management, but we don't yet implement NFSv4. It shouldn't
> be too hard to dig up information on the NFSv3 ACL RPC extensions and
> implement them on FreeBSD 5, since the semantics of our ACLs are highly
> compatible with Solaris and IRIX.

They aren't identical, unfortunately. You can get close by
passing one at a time, but it's not really worth it to do
local enforcement.

I'm actually not a fan of NFSv4. The biggest NFS problems that
exist are timesync and locking, and it doesn't solve either one
of those very well.

I suggested to the RFC authors several times at the draft stage
that they include a local timestamp on all operations, which
would have eliminated the timesync problem (all times could be
represented in responses as deltas from the system time minus
the timesync).

The only real project to implement, outside of commercial
vendors, appears to be a university project on Linux, which from
my reckoning is not going well (I greatly admire the CS department
attempting the work, so I don't know why that's the case...).

-- Terry
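The difference discussed in the message above, between a server answering an NFSv3 ACCESS call and a client evaluating protections itself from mode bits, shown as an added example that is not part of the original message or of FreeBSD's code. The struct names, the simplified ACL model (named-user entries only, no mask entry) and the sample uids and gids are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#define WANT_R 4u
#define WANT_W 2u

/* All an NFSv2-style client sees: attributes returned over the wire. */
struct attrs { unsigned uid, gid, mode; };
/* Server-only state (assumed model): named-user ACL entries, no mask. */
struct acl_entry { unsigned uid, perms; };
struct file { struct attrs a; const struct acl_entry *acl; size_t nacl; };

/* Client-side evaluation from mode bits alone. */
int client_mode_check(const struct attrs *a, unsigned uid, unsigned gid, unsigned want)
{
    unsigned bits;
    if (uid == a->uid)      bits = (a->mode >> 6) & 7u;
    else if (gid == a->gid) bits = (a->mode >> 3) & 7u;
    else                    bits = a->mode & 7u;
    return (bits & want) == want;
}

/* Server-side evaluation (the ACCESS answer): owner, named users, then mode bits. */
int server_access(const struct file *f, unsigned uid, unsigned gid, unsigned want)
{
    size_t i;
    for (i = 0; uid != f->a.uid && i < f->nacl; i++)
        if (f->acl[i].uid == uid)
            return (f->acl[i].perms & want) == want;
    return client_mode_check(&f->a, uid, gid, want);
}

/* Constructed sample: mode 0640, owner 1000, group 100, two ACL entries. */
static const struct acl_entry sample_acl[] = {
    { 2001, WANT_R | WANT_W },   /* extra user granted read/write */
    { 2002, 0 },                 /* group member explicitly denied */
};
static const struct file sample = { { 1000, 100, 0640 }, sample_acl, 2 };

/* 1 when the client's local guess differs from the server's decision. */
int disagrees(unsigned uid, unsigned gid, unsigned want)
{
    return client_mode_check(&sample.a, uid, gid, want)
        != server_access(&sample, uid, gid, want);
}

int main(void)
{
    printf("uid 2002 read: disagree=%d, uid 2001 write: disagree=%d\n",
           disagrees(2002, 100, WANT_R), disagrees(2001, 300, WANT_W));
}
```

For uid 2002 the mode bits alone say "readable" while the server's ACL says no, which is the case where a client that decides locally gets enforcement wrong.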