NFS ACL support...

[Dominik Kubla]

[Please pardon me for addressing three lists at once, but since it
 somehow touches all bases, i thought it best. -dbk]

Ok folks, here we go...

I checked Solaris, Tru64, HP-UX, Irix, AIX and TrustedBSD to see how
they do it. Here are the results:

		Server				Client
Solaris		nfsd				mount
Tru64		proplistd			mount -o proplist
HP-UX		------------- no ACL over NFS -------------------
Irix		-------- only with Trusted Irix/B ---------------  (see OB1)
AIX4		------------- no ACL over NFS -------------------  (correct?)
TrustedBSD	------------- no ACL over NFS -------------------  (correct?)

Part of the SGI stuff is available as OB1 project (see http://oss.sgi.com/),
the RPC definitions for SUN's NFS extension can be found on any Solaris
system.

The Tru64 solution would fit the current EA/ACL scheme best, since it
is not limited to "just" ACL.  However i couldn't get any info on it
apart from the man pages.  No RPC template file, nothing.  But since
both TrustedBSD and Linux use EA's to store ACL's (and FS-based CAP's)
it would make sense to implement something like this.

The SUN solution has the benefit, that the RPC template file is available,
together with some technical docs from Sun. OTOH it requires us to modify
nfsd and would not allow us to handle generic EA's.

The OB1 stuff is interesting in so far that it addresse far more than
just EA or ACL, it also has code for CAP, MAC and IL, but the code is
taken from Trusted IRIX and not useable as-is.

So the question is: which way to go?  proplistd (Tru64 compatible or not)
or nfsd extension?  Best would be to have both of course, but unless
we somehow get technical information about the Tru64 proplistd implementation
we would loose compatibility there anyhow.

Yours,
  Dominik Kubla
-- 
http://petition.eurolinux.org/index_html - No Software Patents In Europe!
http://petition.lugs.ch/ (in Switzerland)
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message