--On Friday, June 26, 2009 01:55:33 PM -0400 Jeffrey Altman
<[email protected]> wrote:
Jeffrey Hutzelman wrote:
Like it or not, it's what we must do. Setting this bit is necessary
to prevent older cache managers from determine file access by looking
primarily at the user's (presumably cached) access rights on the
containing directory. The CM understands that some access is
controlled by the UNIX u+rw bits on the file and by the AFS 'a' ACL
bit on the file, but to get it to handle AFS access rights on a
per-file basis, the VLF_DFSFILESET flag must be set.
I assume this flag is going to be triggered by upgrading the VLDB
servers to set it. We can't guarantee that file servers and VLDB
servers will be updated at the same time. It is frequently the case
that VLDB servers are upgraded long after the file servers are. This
is an implementation detail we are going to have to pay attention to
from a documentation perspective if nothing else.
VLDB servers can't just set it; it'll need to be something the fileserver
communicates at registration time; that is, whenever the fileserver starts.
Note that it is not a problem for the fileserver to implement the necessary
behaviors for a DFS-mode client to work even if the client is not DFS-mode.
However, the fileserver should not allow per-file ACL's to be set via
RXAFS_StoreACL2 unless it has successfully advertised its support for them
via the VLDB registration interface.
So yes, documentation is necessary, but we can fairly easily prevent people
from shooting themselves in the foot if they upgrade their fileservers
before the vlservers.
-- Jeff
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
