[Gluster-devel] Future of access-control translator ?
Jiffin Tony Thottan
jthottan at redhat.com
Wed Jun 10 18:12:27 UTC 2015
Hi,
In the current implementation of access-control translator, it takes
care of the following :
a.) conversion of acl xattr <-> gluster supported posix-acl format
(at the backend acl is stored as xattr know as system.posix_acl* for linux)
b.) Cache that posix-acl in its context.
c.) And enforce permissions based on the cached entries.
This translator is loaded in the server side by default and in the
client side if acl option is mentioned.
A new portable acl conversion was introduced in posix by [1] to fix
limitations in (a). Refer mail thread [2]
for further details. Enforcement can be handled by posix translator(In
that case, caching will be redundant,
because same permission are checked twice).
Therefore should we remove access-control translator entirely from vol
graph or
Retain the translator for (b) and (c) by modifying them based on
standard acl format.
Please provide your thoughts on the same.
[1] : http://review.gluster.org/#/c/9627/
[2] : http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/9036
Thanks and Regards,
Jiffin
More information about the Gluster-devel
mailing list