Support "acl" and "no_acl" export options.

diff --git a/ChangeLog b/ChangeLog
index d0985f8b9bc32e2b517364d73e925f9834d047a0..2b1781b65f0feeff8fcdf4cd2e1ae03d159a50ef 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2005-04-06  Chip Salzenberg  <chip@pobox.com>
+
+       * support/nfs/exports.c (parseopts): Accept "acl" option to mean
+       ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL.
+       (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL
+       as "acl".
+       * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as
+       "no_acl".
+       * utils/exportfs/exports.man: Document "no_acl".
+
 2005-03-14  NeilBrown <neilb@cse.unsw.edu.au>
        Denis Vlasenko <vda@ilport.com.ua>
        * support/export/client.c(client_init and client_gettype):

diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index c46c7a99655b921f24855e1bee13f2f306742f77..43e68b147b9a7d6a3b97d2f87453953de5c70c6c 100644 (file)
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -185,6 +185,8 @@ putexportent(struct exportent *ep)
                "no_" : "");
        fprintf(fp, "%ssecure_locks,", (ep->e_flags & NFSEXP_NOAUTHNLM)?
                "in" : "");
+       fprintf(fp, "%sacl,", (ep->e_flags & NFSEXP_NOACL)?
+               "no_" : "");
        if (ep->e_flags & NFSEXP_FSID) {
                fprintf(fp, "fsid=%d,", ep->e_fsid);
        }
@@ -374,6 +376,10 @@ parseopts(char *cp, struct exportent *ep, int warn)
                        ep->e_flags &= ~NFSEXP_NOAUTHNLM;
                else if (strcmp(opt, "insecure_locks") == 0)
                        ep->e_flags |= NFSEXP_NOAUTHNLM;
+               else if (strcmp(opt, "acl") == 0)
+                       ep->e_flags &= ~NFSEXP_NOACL;
+               else if (strcmp(opt, "no_acl") == 0)
+                       ep->e_flags |= NFSEXP_NOACL;
                else if (strncmp(opt, "mapping=", 8) == 0)
                        ep->e_maptype = parsemaptype(opt+8);
                else if (strcmp(opt, "map_identity") == 0)      /* old style */

diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
index fdf536978e5e8ede70a1501ba2b70d162d56529d..c7a9a0e94df1800cbd2758f8adb285485d978955 100644 (file)
--- a/utils/exportfs/exportfs.c
+++ b/utils/exportfs/exportfs.c
@@ -398,6 +398,8 @@ dump(int verbose)
                                c = dumpopt(c, "no_subtree_check");
                        if (ep->e_flags & NFSEXP_NOAUTHNLM)
                                c = dumpopt(c, "insecure_locks");
+                       if (ep->e_flags & NFSEXP_NOACL)
+                               c = dumpopt(c, "no_acl");
                        if (ep->e_flags & NFSEXP_FSID)
                                c = dumpopt(c, "fsid=%d", ep->e_fsid);
                        if (ep->e_mountpoint)

diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index d11a2a0b9a3421049380fa2b83a6aae1e90d65b1..2b316f546bd95187622a4697d750f3410850adf4 100644 (file)
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -222,6 +222,21 @@ be explicitly requested with either of the synonymous
 .IR auth_nlm ,
 or
 .IR secure_locks .
+.TP
+.IR no_acl
+On some specially patched kernels, and when exporting filesystems that
+support ACLs, this option tells nfsd not to reveal ACLs to clients, so
+they will see only a subset of actual permissions on the given file
+system.  This option is safe for filesystems used by NFSv2 clients and
+old NFSv3 clients that perform access decisions locally.  Current
+NFSv3 clients use the ACCESS RPC to perform all access decisions on
+the server.  Note that the
+.I no_acl
+option only has effect on kernels specially patched to support it, and
+when exporting filesystems with ACL support.  The default is to export
+with ACL support (i.e. by default,
+.I no_acl
+is off).
 
 '''.TP
 '''.I noaccess