1. RichACL & Gluster Rajesh Joseph GlusterFS Dev Team
2. 05/22/15 AGENDA Unix Permission Model POSIX. 1e ACL Windows
ACL NFSv4 ACL RichACL Gluster & RichACL Q&A
3. 05/22/15 Unix Permission Model Standardized in POSIX. 1
Permissions based on three classes: User Group Others Read (r),
Write (w) and execute (x) permission bits Separate namespaces for
UIDs and GIDs
4. 05/22/15 POSIX.1e ACL More flexible ACL is variable length
list of ACEs (Access Control Entries) Types of ACL entries Owner
(user::rwx) Named User (user::rwx) Owning Group (group::rwx) Named
Group (group::rwx) Mask (mask::rwx) Others (other::rwx)
5. 05/22/15 POSIX.1e ACL Only ALLOW mode with three permission
bits Read (r) Write (w) Execute (x) Minimal ACL Extended ACL
6. POSIX.1e ACL r w - r - - - - - O w ner C lass O ther C lass
G roup C lass Minimal Acess Control List User::rw- Other::r--
Group::r--
7. POSIX.1e ACL r w - r w - - - - O w ner C lass O ther C lass
G roup C lass Extended Acess Control List User::rw- Group::r--
User:joe:rw- Other::--- mask::rw-
8. 05/22/15 POSIX.1e ACL Directories have another ACL Default
ACL Looks similar to normal ACL Not user for enforcing Effects of
Default ACL A subdirectory inherits the default ACLs of the parent
directory both as its default ACLs and as an access ACLs A file
inherits the default ACLs as its access ACLs.
9. 05/22/15 Windows ACL Two types of ACL Discretionary Access
Control List (DACL) System Access Control List (SACL) Users, groups
identified by Security Identifiers (SID) Users and groups share the
same namespace Three types of ACE (Access Control Entries) Access
Allowed (ALLOW) Access Denied (DENY) System Audit (AUDIT)
10. 05/22/15 Windows ACL Lot of more granular control Change
permissions Take ownership Traverse folders / Execute files List
folders / Read data Read attributes Read extended attributes Read
permissions
11. 05/22/15 Windows ACL Lot of more granular control Create
files / Write data Create folders / Append data Write attributes
Write extended attributes Delete sub-folders and files Delete
Syncronize
12. 05/22/15 Windows ACL ACL order matters Each ACE is
associated with a SID Special SIDs Everyone, FileCreators, etc.
Each ACE has flags which tells inheritance rules OBJECT_INHERIT_ACE
files inherit ACE CONTAINER_INHERIT_ACE folders inherit ACE
INHERIT_ONLY_ACE User only for inheritance INHERITED_ACE All
inherited ACE will have this flag
13. 05/22/15 NFSv4 ACL Based on Windws ACL Same permissions
bits as Windows Plus two in NFSv4.1 Similar ACE types to Windows:
ALLOW DENY AUDIT ALARM
14. 05/22/15 NFSv4 ACL Users, groups identified by principals.
A principal is either Named user (e.g. [email protected]) Group
Special principals OWNER@ GROUP@ EVERYONE@ Use ACE flags similar to
Windows
15. 05/22/15 RichACL Similar to NFSv4 ACL Users, groups
identified by Unix numerical IDs. ACE order is important Same 14
permission bits as NFsv4 Supports same three file class as POSIX.1
owner group others
16. 05/22/15 RichACL Each file class is associated with a file
mask (16b) for each RichACL permission Each mask is an upper bound
on granted permissions for its class RichACL supports EVERYONE@
instead of OTHER class
17. 05/22/15 GlusterFS ACL Gluster supports POSIX ACL
Implemented as a translator ACLs are stored in back-end file-system
using EA (Extended attributes) To support POSIX ACL, the volume
must be mounted with acl option mounttglusterfsoacl
18. 05/22/15 GlusterFS & RichACL Gluster supports multiple
access protocols - Fuse, NFS, SMB. All three access protocols uses
different ACLs POSIX.1e cannot represent NFSv4 and SMB (Windows)
ACL because of its limited set of permission bits. RichACL is one
step closer towards multi-protocol access.
19. 05/22/15 GlusterFS & RichACL Challenges and/or design
considerations Gluster can support either POSIX.1e ACL or RichACL,
but not both File-system migration needed to convert existing ACL
to RichACL Once converted to RichACL the file-system cannot be
converted back to POSIX.1e ACL without information loss. RichACL
Enforcement logic should go in Gluster to support underlying
file-system which does not support RichACL. Limited size of
extended attributes (EA)