[AFS3-std] Per-file ACLs - a few items for discussion
Jeffrey Altman
jaltman@secure-endpoints.com
Mon, 29 Jun 2009 09:52:44 -0400
Jeffrey Hutzelman wrote:
> --On Sunday, June 28, 2009 10:41:46 AM -0400 Jeffrey Altman
> <jaltman@secure-endpoints.com> wrote:
>
>> What the OpenAFS Windows client does is actually quite smart. It avoids
>> a large numbers of FetchStatus calls that are unnecessary because the
>> relevant access right info for the current user is the same on every
>> item in the directory. If a callback already exists on an object in
>> the directory from another user, there is no reason to go obtain another
>> one just to obtain access rights that are already known.
>
> I'm confused. I thought you said the Windows client maintains access
> cache information on a per-object basis; now you're saying it shares
> cached access rights among all objects in a directory, just as the
> UNIX client does. Which is it?
The Windows client maintains an access cache for all objects. If you a
FetchStatus call is performed an access cache entry for that object is
created. However, I forgot/missed that during the access check the
access cache for the directory object is the only one that is used.