--On Tuesday, October 28, 2008 09:57:46 AM -0400 Michael Meffie
<[EMAIL PROTECTED]> wrote:
Simon Wilkinson wrote:
On 27 Oct 2008, at 15:15, Michael Meffie wrote:
Jeffrey Hutzelman wrote:
--On Monday, October 20, 2008 09:51:15 AM -0400 Michael Meffie
<[EMAIL PROTECTED]> wrote:
Since the C acl is documented as having no default meaning,
this is conditionally compiled into the fileserver with
the --enable-posix-chown option (disabled by default).
As discussed at the recent hackathon, the bit to be used should be
determined at configure time, rather than being hard coded. This
allows sites that wish to use this feature to map it onto an ACL bit
they are not already using. Thus, one would have to configure with
an option like --enable-posix-chown=C (with legal values being
[ABCDEFGH] and "no", and maybe even 'a' or 'w', but not "yes").
The attached patch includes the code to set which ACL bit is to
be used. The configure switch has been changed to
--enable-permit-chown-acl
which can be used to specify which ACL bit is used and defaults
to disabled.
Please, please, please don't make this configurable. From a user
experience point of view it's horrific. Having the ACL bit which
controls this behaviour differ between cells (and even between
fileservers) will confuse any user who moves between sites, or even who
reads a different site's documentation when trying to come to grips with
AFS. It spectacularly violates the principle of least surprise.
All good points. I've found even testing of this patch to be
interesting, something which we probably want to avoid for
a security sensitive change.
We should either pick a bit, and make it globally consistent (and
reserved on those fileservers which don't enable the behaviour), or
defer this feature until we have more ACL bits to play with.
We can't pick a bit, because there aren't any bits available. This is
inherently a site-specific extension, and selection of a suitable bit can
be done only by the site administrator who knows what other bits are
already being used. This is also why the extension is disabled by default
-- in its current form, it can only be used when the site makes a
deliberate decision to add non-standard functionality.
What would the process be to pick a bit? Derrick originally suggested
'C', which seems to be a fine choice and easy to remember.
There is no process; there are no bits available.
How could we have more ACL bits to play with? Does that entail
an on disk format change?
Yes, and more. There's nowhere to store additional bits either in the
current vnode index format and no way to represent them on the wire (though
we might be able to finesse the last, given the way these values are
represented).
-- Jeff
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
