tech-kern: RE: UFS ACLs and Extended attributes

Subject: RE: UFS ACLs and Extended attributes
To: Elad Efrat <elad@NetBSD.org>
From: Gordon Waidhofer <gww@traakan.com>
List: tech-kern
Date: 09/06/2005 11:29:21
> -----Original Message-----
> From: tech-kern-owner@NetBSD.org [mailto:tech-kern-owner@NetBSD.org]On
> Behalf Of Elad Efrat
> Sent: Tuesday, September 06, 2005 10:59 AM
> To: Gordon Waidhofer
> Cc: tech-kern@netbsd.org
> Subject: Re: UFS ACLs and Extended attributes
> 
> 
> Gordon Waidhofer wrote:
> 
> > Similarly, keep an eye on how NFSv4 Named Attributes pair
> > with EXTATTRs. Solaris, NetApp, and NT are linking NFSv4
> > Named Attributes to what amounts to be subfiles. Linux and
> > BSD EXTATTRs are really not a match.
> 
> What are these ``BSD EXTATTRs'' you speak of? All *I* am
> familiar with are extended attributes that allow you
> to store variable length byte strings associated to name
> tags along with a file.
> 
> Extended attributes are not ACLs. They can store ACLs, they
> can store information that can be called ``subfile''. I think
> you are confusing two terms....

No. I'm not. But that's a common first reaction. The notion
that BSD extended attributes suffice as subfiles is a dead
giveaway that there is hardship confusion in the midst.

Subfiles are accesses with read/write, can be arbitrary size
(perhaps have holes), and contain opaque data (application
meaningless to kernel and over-the-wire protocols). So too
are the NFSv4 Named Attributes (that's the misnomer). BSD/Linux
named "thingies" are accessed with get/set interfaces and are
quite small.

Yes, the BSD/Linux named thingies may be useful internally
to attach non-opaque (meaningful to kernel and over-the-wire
protocols) attributes to a file (like ACLs). But they are
completely useless for userland data. And you can't have both
subfiles and named thingies coexist.

As an exercise, describe how the NetBSD vnode operations map to
the NFSv4 client/server interfaces. Compare and contrast with what
Solaris, NetApp, and NT do. Solaris and NetApp are deploying now
and NT (Hummingbird) is on the bench.

> > I believe it is probably too late to take POSIX ACLs seriously.
> 
> Did anyone ever took them seriously?

Enough folks took them seriously that it's an issue. And
there is a great deal of divergence of POSIX-like ACLs (see
references in my presentation). NFSv4 offers a star-to-steer-by
for convergence.

> 
> -e.
> 
> -- 
> Elad Efrat
> PGP Key ID: 0x666EB914

Regards,
	-gww