| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Oct 2015 10:15:19 -0500 From: Steve French <smfrench@...il.com> To: Andreas Gruenbacher <agruenba@...hat.com> Cc: Christoph Hellwig <hch@...radead.org>, Andreas Dilger <adilger@...ger.ca>, Austin S Hemmelgarn <ahferroin7@...il.com>, Alexander Viro <viro@...iv.linux.org.uk>, "Theodore Ts'o" <tytso@....edu>, "J. Bruce Fields" <bfields@...ldses.org>, Jeff Layton <jlayton@...chiereds.net>, Trond Myklebust <trond.myklebust@...marydata.com>, Anna Schumaker <anna.schumaker@...app.com>, linux-ext4 <linux-ext4@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, linux-fsdevel <linux-fsdevel@...r.kernel.org>, "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, samba-technical <samba-technical@...ts.samba.org> Subject: Re: [PATCH v8 00/41] Richacls On Wed, Oct 7, 2015 at 8:38 AM, Andreas Gruenbacher <agruenba@...hat.com> wrote: > On Wed, Oct 7, 2015 at 9:50 AM, Christoph Hellwig <hch@...radead.org> wrote: >> On Tue, Oct 06, 2015 at 02:26:09PM -0600, Andreas Dilger wrote: >>> And any disk filesystems that have their own non-POSIX ACLs, such as HFS, NTFS, ZFS would presumably also need to map the in-kernel Richacl format to their on-disk format. >> >> No, we did this mistake with Posix ACLs, and we're not going to repeat >> it here. Filesystems with their own slightly different ACLs must not >> reuse the interface. > > Well, things may not be quite as clearly delineated. We currently have > code in nfsd for mapping between NFSv4 ACLs on the wire and POSIX ACLs > on local file systems. This mapping is problematic because of the > semantic differences between NFSv4 ACLs and POSIX ACLs (different sets > of permissions, access and default acl vs. inheritance flags, > different permission check algorithm). I wish we could have avoided > that. > > Richacls are designed to support NFSv4 ACLs on top of POSIX systems. > This means that they should obviously be supported by the NFSv4 server > and client (see the patches) and by the common local filesystems. > > ACLs on NTFS and ZFS mostly fit into the same model. The big remaining > difference there is how users and groups are identified: NTFS used > SIDs (https://en.wikipedia.org/wiki/Security_Identifier); ZFS could be > said to use a hybrid UID / GID / SID model. Exposing those ACLs as > richacls would make sense if we can find a clean way of handling this > aspect. Samba (e.g. winbind service) has mapping libraries for mapping SIDs to UIDs (CIFS ACLs already have the same issue of SID to UID mapping which we handle with upcalls) and Samba has various pluggable ways to handle UID mapping and is easily extensible. Similarly NFSv4 ACLs, although closely related to CIFS/NTFS ACLs have to be map usernames to uids. -- Thanks, Steve -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists