Re: ACL handling for NFSv4
- Subject: Re: ACL handling for NFSv4
- From: Terry Lambert <email@hidden>
- Date: Thu, 4 Dec 2008 13:11:34 -0800
On Dec 3, 2008, at 1:12 PM, Rick Macklem wrote:
On Mon, 1 Dec 2008, Terry Lambert wrote:
[good stuff snipped]
I agree with this, but you need to be very careful here.
A lot of client/server enforcement is predicated on the idea that
the client and server will be members of the same security
association, and being members of the same SA, you will get the
same answer for both ends. In most of these cases, the enforcement
is intended to be done server-side, while (potentially) being
originated client-side or via inheritance.
For NFSv4, the enforcement is done on the server.
For GUID translations for unknown GUIDs, which are "unknown"
because you have disconnected your laptop from the corporate
network and happened to be using ACLs on it, or you have
disconnected your laptop from one of maybe three SAs it's normally
a member of (e.g. you are in your home office talking to your home
office server (SA 1), your Internet connection is up (SA 2), but your
VPN connection into work is currently down (SA 3)), then DS will
make up a transient answer for you.
This will boil down to you being likely to get an answer to the
first question you ask in this situation, i.e. "please give me a
transient GID for this GUID" or "please give me a transient UID for
this GUID", but not both.
The ACL support will only be enabled when a mount option is set and
that allows me to document the above in the man page for that option.
Would you mind if I cut/paste some of the above into the man page,
attributing it to you as the author?
Can you paraphrase?
Be aware that I can't guarantee that we're not going to change
behaviour in the future, if we see some way of making this less fuzzy.
-- Terry
Darwin-kernel mailing list (email@hidden)