Daniel/Frank, We are using v2.3-stable at the moment. I am yet to go through stackable fsals to understand your previous comments. Also, we want to make sure that we aren't hit when we upgrade to v2.4 or latest.
I like the is_super_logic that Frank has proposed, can we have that in Ganesha. I can own the task and publish the change. Thanks, Satya. On Thu, Feb 16, 2017 at 12:50 AM, Frank Filz <ffilz...@mindspring.com> wrote: > >> Frank, >> >> I have subscribed to the list. Apologies for any inconvenience caused. >> >> > This wouldn't actually help since the call to test_access just winds >> > up in fsal_test_access which isn't going to know about your special super >> user. >> > All Ganesha is doing here is not making a test_access call that turns >> > into an fsal_test_access call that would always fail the permission >> > check - or actually, I think it might always pass the permission check >> > for files that don't have an NFS v4 ACL... We would have to change the >> > test_access API to add permissions to check for in mode tests that are >> > outside the mode permission checking... >> >> > The alternative as a general mechanism is to increase the number of >> > calls to the underlying filesystem Ganesha makes which is likely to >> > have a negative impact on other FSAL's performance. >> >> Our filesystem doesn't support NFSv4 ACLs. Sorry to prolong this further but >> just to be clear, we have implemented our own test_access call. In our >> test_access implementation we have a way to figure out if the user is super >> user or not. Agree that removing the check would result in a lot of >> fsal_test_access calls. > > What version of Ganesha do you use? 2.4 and later will not ever call your > FSAL's test_access because FSAL_MDCACHE always calls fsal_test_access and > never calls the underlying FSAL's own test_access. > > Maybe what we need is a way for places that are checking for super user to > call an FSAL is_super_user(creds) method, which of could would default to > returning true only for uid == 0. > > Your implementation of course could do whatever you need to do. > > Then we just have to get out of the habit of checking for uid == 0 and > instead invoke is_super_user(creds)... > > Frank > > > > --- > This email has been checked for viruses by Avast antivirus software. > https://www.avast.com/antivirus > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel