We are using v2.3-stable at the moment. I am yet to go through
stackable fsals to understand your previous comments. Also, we want to
make sure that we aren't hit when we upgrade to v2.4 or latest.

I like the is_super_logic that Frank has proposed, can we have that in
Ganesha. I can own the task and publish the change.


On Thu, Feb 16, 2017 at 12:50 AM, Frank Filz <ffilz...@mindspring.com> wrote:
>> Frank,
>> I have subscribed to the list. Apologies for any inconvenience caused.
>> > This wouldn't actually help since the call to test_access just winds
>> > up in fsal_test_access which isn't going to know about your special super
>> user.
>> > All Ganesha is doing here is not making a test_access call that turns
>> > into an fsal_test_access call that would always fail the permission
>> > check - or actually, I think it might always pass the permission check
>> > for files that don't have an NFS v4 ACL... We would have to change the
>> > test_access API to add permissions to check for in mode tests that are
>> > outside the mode permission checking...
>> > The alternative as a general mechanism is to increase the number of
>> > calls to the underlying filesystem Ganesha makes which is likely to
>> > have a negative impact on other FSAL's performance.
>> Our filesystem doesn't support NFSv4 ACLs. Sorry to prolong this further but
>> just to be clear, we have implemented our own test_access call. In our
>> test_access implementation we have a way to figure out if the user is super
>> user or not. Agree that removing the check would result in a lot of
>> fsal_test_access calls.
> What version of Ganesha do you use? 2.4 and later will not ever call your 
> FSAL's test_access because FSAL_MDCACHE always calls fsal_test_access and 
> never calls the underlying FSAL's own test_access.
> Maybe what we need is a way for places that are checking for super user to 
> call an FSAL is_super_user(creds) method, which of could would default to 
> returning true only for uid == 0.
> Your implementation of course could do whatever you need to do.
> Then we just have to get out of the habit of checking for uid == 0 and 
> instead invoke is_super_user(creds)...
> Frank
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus

Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Nfs-ganesha-devel mailing list

Reply via email to