On Mon, Jul 18, 2011 at 9:44 PM, Paul B. Henson <hen...@acm.org> wrote: > Now that illumos has restored the aclmode option to zfs, I would like to > revisit the topic of potentially expanding the suite of available modes. [...]
At one point, I was experimenting with some code for smbfs that would "invent" the mode bits (remember, smbfs does not get mode bits from the remote server, only the ACL). I ended up discarding it there due to objections from reviewers, but the idea might be useful for people who really don't care about mode bits. I'll attempt a description below. The idea: A new "aclmode" setting called "discard", meaning that the users don't care at all about the traditional mode bits. A dataset with aclmode=discard would have the chmod system call and NFS setattr do absolutely nothing to the mode bits. The getattr call would receive mode bits derived from the ACL. (this derivation would actually happen when and acl is stored, not during getattr) The mode bits would be derived from the ACL such that the mode represents the greatest possible access that might be allowed by the ACL, without any consideration of deny entries or group memberships. In detail, that mode derivation might be: The mode's "owner" part would be the union of access granted by any "owner" type ACEs in the ACL and any ACEs where the ACE owner matches the file owner. The mode's "group" part would be the union of access granted by any group ACEs and any ACEs who's type is unknown (all SIDs are of unknown type). The mode's "other" part would be the access granted by an "Everyone" ACE, if present. Would that be of any use? Gordon _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
