On Tue, 31 Oct 2000, Peter J. Braam wrote:
> Good discussion! A few pieces of information from AFS/Coda land below:

Hey there Peter -- hope life is going well for you.

> > The same lack of semantics on the "id" part which allows local clients
> > to map their own local uid space any way they want, also prevents
> > local clients from doing any useful parsing of remote ids. For remote
> > ids, utf/8 is the only token available.
>
> In fact the word local takes on two meanings. In a large local realm
> it is not feasible for a client to cache the entire local realm's user
> database and perform mappings. It also becomes highly impractical to
> give users the same uid across systems. Interestingly, I think that
> neither Coda nor AFS at present support uid mapping.

This was the conclusion I reached also -- right now, my POSIX.1e ACL
implementation has ACL_TYPE_CODA and ACL_TYPE_AFS which mean that the ID
namespace for each entry in the ACL is the "local" AFS/Coda realm, similar
to handling of chown (and that the AFS/Coda ACL semantics hold). This was
also the rationale for introducing acl_check_{fp,file} in addition to the
POSIX.1e acl_check(), as it allows the caller to check the validity of an
ACL and ACL type on a particular target, rather than globally. That said,
I've not attempted to modify Coda or Arla to use the POSIX.1e ACL
interfaces as yet. Assar seemed to have signed off on these ACL interface
changes as being feasible for Arla, but I don't believe they've actually
tried it either.

The interface has proven sufficient to support my "Coda ACLs on UFS"
implementation, given my personal preference for Coda/AFS ACLs, which
binds a complete ACL only to directories, and supports a more
comprehensive ACL rights set (arwid, etc). Not that I expect to force
this on anyone, of course -- it's POSIX.1e semantics or nothing for most
people.

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED] NAI Labs, Safeport Network Services