Tomas Ögren wrote:
On 02 March, 2010 - Carson Gaspar sent me these 0,5K bytes:
I strongly suggest that folks who are thinking about this examine what
NetApp does when exporting NTFS security model qtrees via NFS. It
constructs a mostly bogus set of POSIX permission info based on the ACL.
All access is enforced based on the actual ACL. Sadly for NFSv3 clients
there is no way to see what the actual ACL is, but it is properly
enforced.
ZFS recently stopped doing something similar to this (faking POSIX draft
ACLs), because it can cause data (ACL) corruption.
Client sees a faked ACL over NFS, modifies it and sends it back..
That's only a problem if you allow the client to modify the bogus data,
so don't do that ;-)
NetApp does _not_ expose an ACL via NFSv3, just old school POSIX
mode/owner/group info. I don't know how NetApp deals with chmod, but I'm
sure it's documented.
--
Carson
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
