[AFS3-std] Per-file ACLs - a few items for discussion

Jeffrey Altman jaltman@secure-endpoints.com
Sun, 28 Jun 2009 10:41:46 -0400


Simon Wilkinson wrote:
>
> On 27 Jun 2009, at 18:39, Marc Dionne wrote:
>
>>
>> First off I believe that clients determine the access rights based on
>> the CallerAccess and AnonymousAccess fields in the FetchStatus
>> structure, not on the actual ACL returned from FetchACL.
>
> Are we really shipping clients which go and find the parent vnode, and
> use that to determine access, rather than just using what they're told
> by FetchStatus?
OpenAFS does.   src/WINNT/afsd/cm_access.c   cm_HaveAccessRights().

If the cm_scache_t is a directory the access rights are used directly. 
Otherwise, the parent cm_scache_t is obtained and the access rights for
the parent are used.
>
> And does _anything_ actually use the results of FetchACL to control
> cache access on the client?
Nothing uses FetchACL.   The effective access rights as returned in the
AFSFetchStatus structure are always used.  

What the OpenAFS Windows client does is actually quite smart.  It avoids
a large numbers of FetchStatus calls that are unnecessary because the
relevant access right info for the current user is the same on every
item in the directory.    If a callback already exists on an object in
the directory from another user, there is no reason to go obtain another
one just to obtain access rights that are already known.

Thinking about this a bit more.  It would be nice if in the future
version of the AFSFetchStatus structure there was a flag that indicated
to a client whether or not the access rights specified on the directory
apply to all of the objects within the directory.   This would make the
client much more efficient in that case.

Jeffrey Altman