On Wed, Jul 24, 2013 at 7:46 PM, Glenn Fowler <[email protected]> wrote: > > On Wed, 24 Jul 2013 18:52:57 +0200 Tina Harriott wrote: >> On 23 July 2013 20:43, Glenn Fowler <[email protected]> wrote: >> > >> > On Tue, 23 Jul 2013 19:16:43 +0200 Tina Harriott wrote: >> >> I hope this is the right place to report to. On Suse Linux nfs4 ACL >> >> lists are not preserved if I copy files with ksh's builtin cp command. >> > >> >> To demonstrate: >> >> 1. touch aaa >> > >> >> 2. nfs4_setfacl -a A::testuser@localdomain:RX aaa >> > >> >> 3. nfs4_getfacl aaa >> >> D::OWNER@:x >> >> A::OWNER@:rwatTcCy >> >> A::1000:rxtcy <----- new ACL entry >> >> A::GROUP@:rtcy >> >> A::EVERYONE@:rtcy >> > >> >> 4. ksh -c 'builtin cp; cp aaa aaa_copy' >> > >> >> 5. nfs4_getfacl aaa_copy >> >> D::OWNER@:x >> >> A::OWNER@:rwatTcCy >> >> A::GROUP@:rxtcy >> >> A::EVERYONE@:rtcy >> > >> >> The new ACL entry is missing in the copy. cp options -a and -p have no >> >> effect. >> > >> >> Is this functionality missing or just broken. ACL support is IMO a >> >> mandatory enterprise system feature and needs to be supported. >> > >> > missing >> > on the todo list > >> How long will it take to implement it? > > acls have always been a portability sore point > we avoided doing anything because no-one has presented an api > that handles all our needs across varying architectures/implementations > > in particular we need an api that > converts a string rep to binary > converts a binary rep to string > applies a binary acl to a file/fd > retrives a binary acl from a file/fd > > I don't use acls because whenever they have been forced on me > I manage to get painted into all sorts of corners that prevent work at > inopportune times > > a thing I really don't like is they bleed into non-acl apis/commands in > strange ways > should ls/chown/chmod/mv/ln grok acls? > what about other commands/apis that copy files and don't use cp(1) or pax(1)? > how much stuff needs to be added around each open(O_CREAT) to make acls > seamless? > is there an acl equivalent to umask(1)/umask(2)? > > ast encompasses a lot of apis/commands > the main reason behind doing it in the first place is uniform semantics > across all of ast > I don't see uniformity in acls at the moment > but I can be convinced ...
Glenn, have you talked to Roland Mainz lately about ACL support? He had a prototype for cp and mv for Opensolaris in around 2009 or 2010. Irek _______________________________________________ ast-users mailing list [email protected] http://lists.research.att.com/mailman/listinfo/ast-users
