ABE share property for NFS and SMB [PSARC/2009/375 Self Review]

Tim Haley Tim.Haley at sun.com
Tue Jun 30 18:16:17 PDT 2009 

I am sponsoring this case on behalf of Alan Wright.  Requested binding
is minor/patch.  The case provides a new NFS and SMB share property
enabling ABE filtering.  Since the proposal is so straight-forward I
believe it qualifies for self-review.  If anyone disagrees, please let
me know and I'll promote this to a fast-track.

Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2009 Sun Microsystems
1. Introduction
    1.1. Project/Component Working Name:
	 ABE share property for NFS and SMB
    1.2. Name of Document Author/Supplier:
	 Author:  Alan Wright
    1.3  Date of This Document:
	30 June, 2009

4. Technical Description
    4.1. Details:

	This case proposes a new share property to support Access Based
	Enumeration (ABE) on NFS and SMB shares.

	The NFS and SMB services will consume the interface defined by
	PSARC/2009/246, which added ABE support to ZFS.  The ABE share
	property will provide administrators with the ability to enable
	ACL based directory content filtering on NFS and SMB shares.
	As described in PSARC/2009/246, with ABE enabled, entries to
	which the requesting user has no access will be omitted from
	the dirent data returned by the file system.

	Additional information is available in the following RFEs:
	6802734 Support for Access Based Enumeration
	6802736 SMB share support for Access Based Enumeration 

	The proposed property name and values are:

		abe=boolean

	Values of type boolean take either true or false.

    4.2. Bug/RFE Number(s):
	6802736 SMB share support for Access Based Enumeration

    4.6. Doc Impact:

	Modifications to the sharemgr(1M) man page:

+        abe=boolean
+
+	    Set the access based enumeration (ABE) policy for the share.
+	    When set to true ABE filtering is enabled on this share and
+	    directory entries to which the requesting user has no access
+	    will be omitted from directory listings returned to the client.
+	    When set to false or not defined ABE filtering will not be
+	    performed on this share.  This property is not defined by
+	    default.

6. Resources and Schedule
    6.4. Steering Committee requested information
   	6.4.1. Consolidation C-team Name:
		ON
    6.5. ARC review type: Automatic
    6.6. ARC Exposure: open

More information about the opensolaris-arc mailing list