From: chip Date: Wed, 6 Apr 2005 18:45:10 +0000 (+0000) Subject: Support "acl" and "no_acl" export options. X-Git-Tag: nfs-utils-1-0-7-post1~14 X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=commitdiff_plain;h=442c362b033ff30be49e162db8a57d8e375a6f1f;hp=3a2c185ce46190b9f4712b2432297aa04f4bdd33 Support "acl" and "no_acl" export options. --- diff --git a/ChangeLog b/ChangeLog index d0985f8..2b1781b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2005-04-06 Chip Salzenberg + + * support/nfs/exports.c (parseopts): Accept "acl" option to mean + ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL. + (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL + as "acl". + * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as + "no_acl". + * utils/exportfs/exports.man: Document "no_acl". + 2005-03-14 NeilBrown Denis Vlasenko * support/export/client.c(client_init and client_gettype): diff --git a/support/nfs/exports.c b/support/nfs/exports.c index c46c7a9..43e68b1 100644 --- a/support/nfs/exports.c +++ b/support/nfs/exports.c @@ -185,6 +185,8 @@ putexportent(struct exportent *ep) "no_" : ""); fprintf(fp, "%ssecure_locks,", (ep->e_flags & NFSEXP_NOAUTHNLM)? "in" : ""); + fprintf(fp, "%sacl,", (ep->e_flags & NFSEXP_NOACL)? + "no_" : ""); if (ep->e_flags & NFSEXP_FSID) { fprintf(fp, "fsid=%d,", ep->e_fsid); } @@ -374,6 +376,10 @@ parseopts(char *cp, struct exportent *ep, int warn) ep->e_flags &= ~NFSEXP_NOAUTHNLM; else if (strcmp(opt, "insecure_locks") == 0) ep->e_flags |= NFSEXP_NOAUTHNLM; + else if (strcmp(opt, "acl") == 0) + ep->e_flags &= ~NFSEXP_NOACL; + else if (strcmp(opt, "no_acl") == 0) + ep->e_flags |= NFSEXP_NOACL; else if (strncmp(opt, "mapping=", 8) == 0) ep->e_maptype = parsemaptype(opt+8); else if (strcmp(opt, "map_identity") == 0) /* old style */ diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c index fdf5369..c7a9a0e 100644 --- a/utils/exportfs/exportfs.c +++ b/utils/exportfs/exportfs.c @@ -398,6 +398,8 @@ dump(int verbose) c = dumpopt(c, "no_subtree_check"); if (ep->e_flags & NFSEXP_NOAUTHNLM) c = dumpopt(c, "insecure_locks"); + if (ep->e_flags & NFSEXP_NOACL) + c = dumpopt(c, "no_acl"); if (ep->e_flags & NFSEXP_FSID) c = dumpopt(c, "fsid=%d", ep->e_fsid); if (ep->e_mountpoint) diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index d11a2a0..2b316f5 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -222,6 +222,21 @@ be explicitly requested with either of the synonymous .IR auth_nlm , or .IR secure_locks . +.TP +.IR no_acl +On some specially patched kernels, and when exporting filesystems that +support ACLs, this option tells nfsd not to reveal ACLs to clients, so +they will see only a subset of actual permissions on the given file +system. This option is safe for filesystems used by NFSv2 clients and +old NFSv3 clients that perform access decisions locally. Current +NFSv3 clients use the ACCESS RPC to perform all access decisions on +the server. Note that the +.I no_acl +option only has effect on kernels specially patched to support it, and +when exporting filesystems with ACL support. The default is to export +with ACL support (i.e. by default, +.I no_acl +is off). '''.TP '''.I noaccess