Native NFSv4 Access Control Lists on Linux
Speaker | Andreas Gruenbacher |
---|---|
Time | 2007-01-19 11:00 |
Conference | LCA2007 |
POSIX ACLs (withdrawn draft standard)
Windows ACLs
NFSv4 ACLs
Traditional nix permission model
Posix ACLs
- draft standard withdrawn
- read, write, execute
- compatible with traditional permissions
- not setuid/setgid
CIFS ACLs (aka NTFS ACLs)
- Samba maps CIFs ACLs to/from POSIX ACLs.
NFSv4 ACLs
- modelled from CIFS
- RFC3530
- interaction with POSIX poorly defined
- Linux NFSv4 maps NFSv4 to/from POSIX
- CIFs wierdness (some) gone
- IETF standard
Netapp/EMC NAS
- last mode set wins
- POSIX permission model + CIFS ACLs
Samba 4
- store ACL as EAs
UFS2, GPFS, ZFS
NFSv4 ACLs
for every permission
for every ACL item in list
if permission granted or denied
set as given
break
else
continue searching
end
end
end
unix permissions
rwx—rwx: owner: allow; everyone allow; everyone has full privileges
owner and group restricted
setuid/setgid- not ACLs
needs to be incorporated into kernel, proprietary code