> Frank, > > I have subscribed to the list. Apologies for any inconvenience caused. > > > This wouldn't actually help since the call to test_access just winds > > up in fsal_test_access which isn't going to know about your special super > user. > > All Ganesha is doing here is not making a test_access call that turns > > into an fsal_test_access call that would always fail the permission > > check - or actually, I think it might always pass the permission check > > for files that don't have an NFS v4 ACL... We would have to change the > > test_access API to add permissions to check for in mode tests that are > > outside the mode permission checking... > > > The alternative as a general mechanism is to increase the number of > > calls to the underlying filesystem Ganesha makes which is likely to > > have a negative impact on other FSAL's performance. > > Our filesystem doesn't support NFSv4 ACLs. Sorry to prolong this further but > just to be clear, we have implemented our own test_access call. In our > test_access implementation we have a way to figure out if the user is super > user or not. Agree that removing the check would result in a lot of > fsal_test_access calls.
What version of Ganesha do you use? 2.4 and later will not ever call your FSAL's test_access because FSAL_MDCACHE always calls fsal_test_access and never calls the underlying FSAL's own test_access. Maybe what we need is a way for places that are checking for super user to call an FSAL is_super_user(creds) method, which of could would default to returning true only for uid == 0. Your implementation of course could do whatever you need to do. Then we just have to get out of the habit of checking for uid == 0 and instead invoke is_super_user(creds)... Frank --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
