August 2010 Archives

pacl update

| 1 Comment | 0 TrackBacks

This morning, the PASS Access Control List (pacl) program, which is the permissions program used by PASS Explorer, was altered to implement the following policy:

  • For each Access Control Entry (ACE) in the NFSv4 level ACL:
    • Set the Read Named Attributes permission to match the Read File permission for files or the List Folder permission for folders.
    • Set the Write Named Attributes permission to match the Write File permission for files or the inclusive OR of ( Add File OR Add Subfolder ) permission on folders.
  • Perform this change on every ALLOW ACE in an ACL during any other change to the ACL. DENY ACEs are ignored.
  • A new -correct switch has been added to force this behavior in lieu of other changes.

The reasoning for this includes:

  • The Read Named Attributes and Write Named Attributes permissions are not used by GPFS (thus not used by PASS) to alter the behavior of access control. They can be stored and retrieved later. Previously, they were always left off (cleared).
  • Some clients, in particular Windows 7, check this permission and alter their behavior based on the setting. When attempting to copy a folder from PASS to a local Windows 7 folder, and Read Named Attributes is not granted, a "Folder Access Denied" message appears. Other platforms including Macintosh, Linux and other versions of Windows (except Windows Server 2008r2) do not see this same behavior. Copying individual files or copying a folder in the reverse direction do not meet this issue. When Read Named Attributes are set on the folder, copying a folder from PASS to the local computer do not hit this problem.

In addition, other fixes went in this morning, including:

  • Listing folder permissions will now correctly identify when new files created in the folder will have execute permission.

Penn State full time faculty and staff may read the full technical details of this update on: https://wikispaces.psu.edu/display/PASS/pacl+changes+2010-08.

Our group may proactively correct ACLs in users' spaces prior to the Fall semester to avoid further complications from the copy-folder-from-PASS issue on Windows 7.

Search This Blog

Full Text  Tag