diff options
| author | chip <chip> | 2005-04-06 18:45:10 +0000 |
|---|---|---|
| committer | chip <chip> | 2005-04-06 18:45:10 +0000 |
| commit | 442c362b033ff30be49e162db8a57d8e375a6f1f (patch) | |
| tree | dc656dc8455b4d863c30b47c2ec40974baec07a9 | |
| parent | 3a2c185ce46190b9f4712b2432297aa04f4bdd33 (diff) | |
| download | nfs-utils-442c362b033ff30be49e162db8a57d8e375a6f1f.tar.gz nfs-utils-442c362b033ff30be49e162db8a57d8e375a6f1f.tar.xz nfs-utils-442c362b033ff30be49e162db8a57d8e375a6f1f.zip | |
Support "acl" and "no_acl" export options.
| -rw-r--r-- | ChangeLog | 10 | ||||
| -rw-r--r-- | support/nfs/exports.c | 6 | ||||
| -rw-r--r-- | utils/exportfs/exportfs.c | 2 | ||||
| -rw-r--r-- | utils/exportfs/exports.man | 15 |
4 files changed, 33 insertions, 0 deletions
@@ -1,3 +1,13 @@ +2005-04-06 Chip Salzenberg <chip@pobox.com> + + * support/nfs/exports.c (parseopts): Accept "acl" option to mean + ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL. + (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL + as "acl". + * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as + "no_acl". + * utils/exportfs/exports.man: Document "no_acl". + 2005-03-14 NeilBrown <neilb@cse.unsw.edu.au> Denis Vlasenko <vda@ilport.com.ua> * support/export/client.c(client_init and client_gettype): diff --git a/support/nfs/exports.c b/support/nfs/exports.c index c46c7a9..43e68b1 100644 --- a/support/nfs/exports.c +++ b/support/nfs/exports.c @@ -185,6 +185,8 @@ putexportent(struct exportent *ep) "no_" : ""); fprintf(fp, "%ssecure_locks,", (ep->e_flags & NFSEXP_NOAUTHNLM)? "in" : ""); + fprintf(fp, "%sacl,", (ep->e_flags & NFSEXP_NOACL)? + "no_" : ""); if (ep->e_flags & NFSEXP_FSID) { fprintf(fp, "fsid=%d,", ep->e_fsid); } @@ -374,6 +376,10 @@ parseopts(char *cp, struct exportent *ep, int warn) ep->e_flags &= ~NFSEXP_NOAUTHNLM; else if (strcmp(opt, "insecure_locks") == 0) ep->e_flags |= NFSEXP_NOAUTHNLM; + else if (strcmp(opt, "acl") == 0) + ep->e_flags &= ~NFSEXP_NOACL; + else if (strcmp(opt, "no_acl") == 0) + ep->e_flags |= NFSEXP_NOACL; else if (strncmp(opt, "mapping=", 8) == 0) ep->e_maptype = parsemaptype(opt+8); else if (strcmp(opt, "map_identity") == 0) /* old style */ diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c index fdf5369..c7a9a0e 100644 --- a/utils/exportfs/exportfs.c +++ b/utils/exportfs/exportfs.c @@ -398,6 +398,8 @@ dump(int verbose) c = dumpopt(c, "no_subtree_check"); if (ep->e_flags & NFSEXP_NOAUTHNLM) c = dumpopt(c, "insecure_locks"); + if (ep->e_flags & NFSEXP_NOACL) + c = dumpopt(c, "no_acl"); if (ep->e_flags & NFSEXP_FSID) c = dumpopt(c, "fsid=%d", ep->e_fsid); if (ep->e_mountpoint) diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index d11a2a0..2b316f5 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -222,6 +222,21 @@ be explicitly requested with either of the synonymous .IR auth_nlm , or .IR secure_locks . +.TP +.IR no_acl +On some specially patched kernels, and when exporting filesystems that +support ACLs, this option tells nfsd not to reveal ACLs to clients, so +they will see only a subset of actual permissions on the given file +system. This option is safe for filesystems used by NFSv2 clients and +old NFSv3 clients that perform access decisions locally. Current +NFSv3 clients use the ACCESS RPC to perform all access decisions on +the server. Note that the +.I no_acl +option only has effect on kernels specially patched to support it, and +when exporting filesystems with ACL support. The default is to export +with ACL support (i.e. by default, +.I no_acl +is off). '''.TP '''.I noaccess |