[AFS3-std] Per-file ACLs - a few items for discussion

Jeffrey Hutzelman jhutz@cmu.edu
Fri, 26 Jun 2009 14:12:39 -0400


--On Friday, June 26, 2009 01:55:33 PM -0400 Jeffrey Altman 
<jaltman@secure-endpoints.com> wrote:

> Jeffrey Hutzelman wrote:
>> Like it or not, it's what we must do.  Setting this bit is necessary
>> to prevent older cache managers from determining file access by looking
>> primarily at the user's (presumably cached) access rights on the
>> containing directory.  The CM understands that some access is
>> controlled by the UNIX u+rw bits on the file and by the AFS 'a' ACL
>> bit on the file, but to get it to handle AFS access rights on a
>> per-file basis, the VLF_DFSFILESET flag must be set.
> I assume this flag is going to be triggered by upgrading the VLDB
> servers to set it.  We can't guarantee that file servers and VLDB
> servers will be updated at the same time.  It is frequently the case
> that VLDB servers are upgraded long after the file servers are.   This
> is an implementation detail we are going to have to pay attention to
> from a documentation perspective if nothing else.

VLDB servers can't just set it; it'll need to be something the fileserver 
communicates at registration time; that is, whenever the fileserver starts. 
Note that it is not a problem for the fileserver to implement the necessary 
behaviors for a DFS-mode client to work even if the client is not DFS-mode. 
However, the fileserver should not allow per-file ACLs to be set via 
RXAFS_StoreACL2 unless it has successfully advertised its support for them 
via the VLDB registration interface.

So yes, documentation is necessary, but we can fairly easily prevent people 
from shooting themselves in the foot if they upgrade their fileservers 
before the vlservers.

-- Jeff