lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100201230645.GO19418@fieldses.org>
Date:	Mon, 1 Feb 2010 18:06:45 -0500
From:	"J. Bruce Fields" <bfields@...i.umich.edu>
To:	"Aneesh Kumar K. V" <aneesh.kumar@...ux.vnet.ibm.com>
Cc:	Brad Boyer <flar@...andria.com>, sandeen@...hat.com,
	adilger@....com, tytso@....edu, jlayton@...hat.com,
	nfsv4@...ux-nfs.org, samba@...ts.samba.org,
	linux-fsdevel@...r.kernel.org, sfrench@...ibm.com,
	ffilz@...ibm.com, linux-ext4@...r.kernel.org, agruen@...e.de
Subject: Re: [PATCH 03/23] vfs: rich ACL in-memory representation and
	manipulation

On Mon, Feb 01, 2010 at 11:32:59PM +0530, Aneesh Kumar K. V wrote:
> I guess id mapping needs more work in the patch. I would really like
> to hear from both NFS and Samba people in how they would like the
> id details to be stored. If we can't map an incoming user@...ain
> request on nfs, I guess we definitely don't want to store the acl with
> 'nobody' id

I don't see the point in allowing the acl's to refer to arbitrary
user@...ain strings unless we're also going to allow those strings as
file owners, allow processes to run *as* one of those strings, etc.

If we're really going to try to teach the core kernel to handle foreign
NFS or Samba identities, that's a separate project.

As long as the kernel's working with ordinary uid's and gid's, the acl's
should do the same, and NFS and Samba can take care of the conversion as
needed.

So I agree that we should be able to use a more compact representation
here.

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ