bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH] Basic support for checking NFSv4 ACLs in Linux


From: Ondrej Valousek
Subject: RE: [PATCH] Basic support for checking NFSv4 ACLs in Linux
Date: Tue, 15 Nov 2022 09:17:18 +0000

> * If an ALLOW entry has any mask bits set that don't correspond to the UNIX 
> rwx permissions, we don't have a trivial ACL.
Do we really have to do this?
I mean from RFC8881:
" The server that supports both mode and ACL must take care to synchronize the 
MODE4_*USR, MODE4_*GRP, and MODE4_*OTH bits with the ACEs that have respective 
who fields of "OWNER@", "GROUP@", and "EVERYONE@". This way, the client can see 
if semantically equivalent access permissions exist whether the client asks for 
the owner, owner_group, and mode attributes or for just the ACL."

... I take it these 3 ACEs should always represent mode bits.

Or if you really wish I can shamelessly steal the AIX code there and put smth 
like this:
If (aceMask & ~(ACE4_READ_DATA | ACE4_LIST_DIRECTORY
                                 | ACE4_WRITE_DATA | ACE4_ADD_FILE
                                 | ACE4_EXECUTE)) == 0)) return 1;

Thanks,
Ondrej

reply via email to

[Prev in Thread] Current Thread [Next in Thread]