On Wed, 24 Jul 2013 21:09:12 +0200 Irek Szczesniak wrote: > On Wed, Jul 24, 2013 at 7:46 PM, Glenn Fowler <[email protected]> wrote: > > > > On Wed, 24 Jul 2013 18:52:57 +0200 Tina Harriott wrote: > >> On 23 July 2013 20:43, Glenn Fowler <[email protected]> wrote: > >> > > >> > On Tue, 23 Jul 2013 19:16:43 +0200 Tina Harriott wrote: > >> >> I hope this is the right place to report to. On Suse Linux nfs4 ACL > >> >> lists are not preserved if I copy files with ksh's builtin cp command. > >> > > >> >> To demonstrate: > >> >> 1. touch aaa > >> > > >> >> 2. nfs4_setfacl -a A::testuser@localdomain:RX aaa > >> > > >> >> 3. nfs4_getfacl aaa > >> >> D::OWNER@:x > >> >> A::OWNER@:rwatTcCy > >> >> A::1000:rxtcy <----- new ACL entry > >> >> A::GROUP@:rtcy > >> >> A::EVERYONE@:rtcy > >> > > >> >> 4. ksh -c 'builtin cp; cp aaa aaa_copy' > >> > > >> >> 5. nfs4_getfacl aaa_copy > >> >> D::OWNER@:x > >> >> A::OWNER@:rwatTcCy > >> >> A::GROUP@:rxtcy > >> >> A::EVERYONE@:rtcy > >> > > >> >> The new ACL entry is missing in the copy. cp options -a and -p have no > >> >> effect. > >> > > >> >> Is this functionality missing or just broken. ACL support is IMO a > >> >> mandatory enterprise system feature and needs to be supported. > >> > > >> > missing > >> > on the todo list > > > >> How long will it take to implement it? > > > > acls have always been a portability sore point > > we avoided doing anything because no-one has presented an api > > that handles all our needs across varying architectures/implementations > > > > in particular we need an api that > > converts a string rep to binary > > converts a binary rep to string > > applies a binary acl to a file/fd > > retrives a binary acl from a file/fd > > > > I don't use acls because whenever they have been forced on me > > I manage to get painted into all sorts of corners that prevent work at > > inopportune times > > > > a thing I really don't like is they bleed into non-acl apis/commands in > > strange ways > > should ls/chown/chmod/mv/ln grok acls? > > what about other commands/apis that copy files and don't use cp(1) or > > pax(1)? > > how much stuff needs to be added around each open(O_CREAT) to make acls > > seamless? > > is there an acl equivalent to umask(1)/umask(2)? > > > > ast encompasses a lot of apis/commands > > the main reason behind doing it in the first place is uniform semantics > > across all of ast > > I don't see uniformity in acls at the moment > > but I can be convinced ...
> Glenn, have you talked to Roland Mainz lately about ACL support? He > had a prototype for cp and mv for Opensolaris in around 2009 or 2010. not lately but I recall the opensolaris part and that may have limited my interest we need something usable in cp/mv/pax for starters pax is the kicker because it has to work between different acl implementations including windows _______________________________________________ ast-users mailing list [email protected] http://lists.research.att.com/mailman/listinfo/ast-users
