Now that illumos has restored the aclmode option to zfs, I would like to revisit the topic of potentially expanding the suite of available modes. Some of you no doubt recall a fairly lengthy (and sometimes heated ;) ) discussion of this topic on the zfs-discuss mailing list a bit over a year ago; it looks like a fairly comprehensive thread archive is available at:

http://opensolaris.org/jive/thread.jspa?messageID=463237&#463237

The final outcome at the time was decided solely by Sun/Oracle as the arbitrator of OpenSolaris, and their decision was to simply remove aclmode entirely. The basis for that decision was not necessarily technical merit, nor lack of a need for such a feature, but quite simply a business case analysis -- they felt it would cost them less to support an operating system without that particular tuning knob.

It's obvious that decision didn't agree with the community, as evidenced by the re-addition of the option in the open source illumos. I'm hoping that the community might also be more willing to consider the technical merits of additional flexibility in the option and be more focused on providing functionality than on minimizing support costs :).

My basic premise is that there should be some way to effectively treat a zfs filesystem as ACL-only; while mode bits will most likely be needed for quite some time for backwards compatibility, they should be treated as a second-class citizen, reflecting as closely as possible the intention of the underlying ACL, but in a read-only fashion, with no way to destroy the underlying ACL by manipulating them.

I initially proposed two extensions to aclmode. First, "deny" -- any attempt to execute a chmod that would result in a change to the underlying ACL would fail with a permission denied error. Second, "discard" -- any attempt to execute a chmod that would result in a change to the underlying ACL, assuming it would otherwise succeed, would appear to succeed but not actually change the permissions.

Clearly, these types of modes could cause problems for certain scenarios. On the other hand, the existing modes also cause problems for certain scenarios. Ideally, an administrator would have the flexibility to choose which problems he prefers to deal with :). It would be really nice if the aclmode could be specified on a per object level rather than a per file system level, but that would be considerably more difficult to achieve 8-/.

If illumos would be willing to consider integrating a change like this, I would like to discuss the technical details and determine the best possible implementation.

Thanks...


--
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
