All of lore.kernel.org
 help / color / mirror / Atom feed
From: NeilBrown <neilb@suse.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH - nfsv4-acl-tools] nfs4_ace_from_string: ignore inheritance ACEs on non-directories.
Date: Wed, 16 Mar 2016 09:32:10 +1100	[thread overview]
Message-ID: <8737rrgyol.fsf@notabene.neil.brown.name> (raw)
In-Reply-To: <20160314210659.GB22276@fieldses.org>

[-- Attachment #1: Type: text/plain, Size: 1635 bytes --]

On Tue, Mar 15 2016, J. Bruce Fields wrote:

> On Wed, Feb 24, 2016 at 02:54:18PM +1100, NeilBrown wrote:
>> 
>> If you try to use
>>      nfs4_setfacl -R -a A:d:........   directory
>> 
>> to recursively set an inheritance ACE on all directories in a tree, it
>> will fail on the first non-directory as setting an inheritance ACE
>> there is not permitted (and as it aborts on the first sign of an error).
>> 
>> So use the is_dir flag to avoid doing that, just as is done with the
>> DELETE_CHILD permission.
>> 
>> Signed-off-by: NeilBrown <neilb@suse.com>
>> ---
>> 
>> Hi Bruce,
>>  are you still maintaining nfsv4-acl-tools?  Last commit was over
>>  a year ago!! I guess that means it is nearly perfect :-)
>
> Alas, it could probably use some love.  I'm hoping richacls take over,
> though.  Eventually.
>
>>  A customer came across this problem and it seems simple to fix,
>>  but if I'm missing something important, please let me know.
>
> I didn't trace carefully through the callers, but I suspect this'll also
> mean that nfs4_setfacl also silently discards inheritable ACEs in some
> cases where the user could know better, instead of erroring out?

I guess so.  If you give a file on the command line then you still want
the error.  If you give a directory and "-R" you don't.  I wonder how
much work that would be....

>
> But, honestly, I'm not necessarily even sure which is the better
> behavior, and -R needs to work, so, applying.

Thanks.

>
> Futher patches, or volunteers for maintenance, welcome....

:-)  Patches, maybe.  The rest - not me!!

Thanks,
NeilBrown

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

      reply	other threads:[~2016-03-15 22:32 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-24  3:54 [PATCH - nfsv4-acl-tools] nfs4_ace_from_string: ignore inheritance ACEs on non-directories NeilBrown
2016-03-14 21:06 ` J. Bruce Fields
2016-03-15 22:32   ` NeilBrown [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8737rrgyol.fsf@notabene.neil.brown.name \
    --to=neilb@suse.com \
    --cc=bfields@fieldses.org \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.