Modified Access Checks for CIFS [PSARC/2007/403 FastTrack timeout 07/16/2007]
Rich Brown
Rich.Brown at sun.com
Tue Jul 10 09:14:27 PDT 2007
Don Cragun wrote:
>> Date: Mon, 09 Jul 2007 11:53:38 -0600 (MDT)
>> From: Tim Haley - Sun Microsystem <timh at spidey.central.sun.com>
> ... ... ...
>> EXPORTED INTERFACE TABLE
>>
>> |Proposed |Specified |
>> |Stability |in what |
>> Interface Name |Classification |Document? | Comments
>> ===============================================================================
>> |Consolidation |This |
>> VFSFT_ACEMASKONACCESS |Private |Document | Registerable vfs
>> | | | feature
>> | | |
>> ATTR_NOACLCHECK | | | New flag for VOPs
>> | | | that modify/retrieve
>> | | | attributes and ACLs
>> | | |
>> V_ACE_MASK | | | New VOP_ACCESS() flag
>> | | | to accept an ACE-style
>> | | | access mask.
>> | | |
>> V_APPEND | | | New VOP_ACCESS() flag
>> | | | to check for ACE-
>> | | | enforced append-only
>> | | | access
>
> With of these new filesystem specific features being added, shouldn't
> new *pathconf() variables and getconf path_vars also be added to allow
> applications to determine if they can make use of these features in
> particular places in the file hierarchy?
>
> - Don
>
Applications won't have any control over how the access checks are done. There are
no changes proposed to allow applications to use ACE-style permissions. For now,
the CIFS server will be the only entity making use of ACE-style access checks and
requesting that ACL checks be skipped.
If, at some point, a new/modified API were required to give applications that ability,
then a new pathconf variable would be a good idea.
Thanks,
Rich
More information about the opensolaris-arc
mailing list