From: Ondrej Valousek <ondrej.valousek.xm@renesas.com>
To: "Andreas Grünbacher" <andreas.gruenbacher@gmail.com>
Cc: "bug-gnulib@gnu.org" <bug-gnulib@gnu.org>
Subject: RE: [PATCH] Basic support for checking NFSv4 ACLs in Linux
Date: Tue, 15 Nov 2022 09:17:18 +0000 [thread overview]
Message-ID: <OSAPR01MB1843F6BC883EC06CDA4A4271D9049@OSAPR01MB1843.jpnprd01.prod.outlook.com> (raw)
In-Reply-To: <CAHpGcM+005TioM6YHrpkmy5Cvhs49Kz63JV202xq=oivbreXzw@mail.gmail.com>
> * If an ALLOW entry has any mask bits set that don't correspond to the UNIX rwx permissions, we don't have a trivial ACL.
Do we really have to do this?
I mean from RFC8881:
" The server that supports both mode and ACL must take care to synchronize the MODE4_*USR, MODE4_*GRP, and MODE4_*OTH bits with the ACEs that have respective who fields of "OWNER@", "GROUP@", and "EVERYONE@". This way, the client can see if semantically equivalent access permissions exist whether the client asks for the owner, owner_group, and mode attributes or for just the ACL."
... I take it these 3 ACEs should always represent mode bits.
Or if you really wish I can shamelessly steal the AIX code there and put smth like this:
If (aceMask & ~(ACE4_READ_DATA | ACE4_LIST_DIRECTORY
| ACE4_WRITE_DATA | ACE4_ADD_FILE
| ACE4_EXECUTE)) == 0)) return 1;
Thanks,
Ondrej
next prev parent reply other threads:[~2022-11-15 9:22 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-14 8:16 [PATCH] Basic support for checking NFSv4 ACLs in Linux Ondrej Valousek
2022-11-14 12:49 ` Andreas Grünbacher
2022-11-15 9:17 ` Ondrej Valousek [this message]
2022-11-15 12:24 ` Andreas Grünbacher
2022-11-15 12:35 ` Andreas Grünbacher
2022-11-15 12:46 ` Ondrej Valousek
2022-11-15 13:14 ` Andreas Grünbacher
2022-11-16 9:51 ` Ondrej Valousek
2022-11-15 2:45 ` Paul Eggert
2022-11-15 7:00 ` Andreas Grünbacher
-- strict thread matches above, loose matches on Subject: below --
2022-12-02 12:40 Ondrej Valousek
2022-12-02 13:33 ` Bruno Haible
2022-12-22 17:04 ` Bruno Haible
2022-12-23 23:32 ` Paul Eggert
2022-12-24 13:00 ` Ondrej Valousek
2022-12-24 19:27 ` Paul Eggert
2022-12-28 4:13 ` Paul Eggert
2022-12-28 9:07 ` Ondrej Valousek
2022-12-28 17:09 ` Paul Eggert
2022-12-01 14:24 Ondrej Valousek
2022-12-02 0:58 ` Bruno Haible
2022-12-01 9:50 Ondrej Valousek
2022-12-01 11:52 ` Bruno Haible
2022-11-24 17:08 Ondrej Valousek
2022-11-25 2:46 ` Bruno Haible
2022-11-25 9:34 ` Andreas Grünbacher
2022-11-25 10:17 ` Andreas Grünbacher
2022-11-28 7:29 ` Ondrej Valousek
2022-11-29 10:58 ` Andreas Grünbacher
[not found] <20221109152951.1003859-1-ondrej.valousek.xm@renesas.com>
[not found] ` <CAHpGcM+=+9Qp1umqzmP-aXHbEPtu8xB_hYP6kNk8UY52WOXpKA@mail.gmail.com>
[not found] ` <TY1PR01MB1850006B3019A6BA823B5859D9019@TY1PR01MB1850.jpnprd01.prod.outlook.com>
[not found] ` <CAHpGcMKSM7Sgc3jnexdRSajFhC8q0pTcg+M7LNpJs8cMRBgjqQ@mail.gmail.com>
2022-11-11 8:40 ` Ondrej Valousek
2022-11-13 19:32 ` Paul Eggert
2022-11-09 15:32 Ondrej Valousek
2022-10-27 9:34 Ondrej Valousek
2022-10-27 19:52 ` Bruno Haible
2022-10-28 14:33 ` Ondrej Valousek
2022-10-30 18:36 ` Paul Eggert
2022-10-31 8:05 ` Ondrej Valousek
2022-10-31 19:36 ` Paul Eggert
2022-11-07 12:45 ` Ondrej Valousek
2022-11-08 22:11 ` Andreas Grünbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=OSAPR01MB1843F6BC883EC06CDA4A4271D9049@OSAPR01MB1843.jpnprd01.prod.outlook.com \
--to=ondrej.valousek.xm@renesas.com \
--cc=andreas.gruenbacher@gmail.com \
--cc=bug-gnulib@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).