|
| 1 | +# Feature |
| 2 | + |
| 3 | +RichACL support for GlusterFS |
| 4 | + |
| 5 | +# Summary |
| 6 | + |
| 7 | +Richacls are an implementation of NFSv4 ACLs which has been extended by file |
| 8 | +masks to better fit the standard POSIX file permission model. The main goal |
| 9 | +is to provide a consistent file permission model locally as well as over |
| 10 | +various remote file system protocols like NFSv4 and CIFS; this is expected to |
| 11 | +significantly improve interoperability in mixed operating system environments, |
| 12 | +both when Linux is used as a client and as a server. |
| 13 | + |
| 14 | + |
| 15 | +# Owners |
| 16 | + |
| 17 | +* [Rajesh Joseph ]([email protected]) |
| 18 | + |
| 19 | + |
| 20 | +# Current status |
| 21 | + |
| 22 | +Currently GlusterFS only supports POSIX ACL. NFSv4 ACL and Windows file-level |
| 23 | +ACL (NTFS ACL) are more expressive than POSIX ACL. Both these protocol use a |
| 24 | +lossy conversion from their respective ACL to POSIX ACL and vice-versa. RichACL |
| 25 | +support in GlusterFS will bring better interoperability between these protocols |
| 26 | +and provide a more expressive ACL. |
| 27 | + |
| 28 | + |
| 29 | +# Related Feature Requests and Bugs |
| 30 | + |
| 31 | + |
| 32 | + |
| 33 | +# Benefit to GlusterFS |
| 34 | + |
| 35 | +* Better interoperability between NFS and Windows. A step closer to |
| 36 | + multi-protocol support. |
| 37 | +* GlusterFS will have a more expressive ACL support then POSIX ACL. |
| 38 | + |
| 39 | + |
| 40 | +# Detailed Description |
| 41 | + |
| 42 | + |
| 43 | +# Scope |
| 44 | + |
| 45 | +* Ability to set and retrieve RichACL through setxattr and getxattr |
| 46 | +* New translator for RichACL enforcement on brick level. |
| 47 | +* Tools for setting and retrieve RichACL (setrichacl and getrichacl) will not |
| 48 | + be provided. These tools can be downloaded from |
| 49 | + [Andreas Repo](https://github.com/andreas-gruenbacher/richacl). |
| 50 | +* No caching of RichACL on client side. Caching improvement will be taken later. |
| 51 | +* Need to make RichACL passthrough in MD cache. |
| 52 | + |
| 53 | + |
| 54 | +## Nature of proposed change |
| 55 | + |
| 56 | +* clients |
| 57 | + * FUSE client (Conversion of binary ACL format to text and vice-versa) |
| 58 | + * gfapi library (Conversion of binary ACL format to text and vice-versa) |
| 59 | + |
| 60 | +* Server processes |
| 61 | + * brick processes (Storing and enforcement of RichACL) |
| 62 | + |
| 63 | +* Gluster CLI (enable/disable RichACL support) |
| 64 | + |
| 65 | + |
| 66 | +## Design |
| 67 | + |
| 68 | +### RichACL Library |
| 69 | + |
| 70 | +Andreas Gruenbacher author of [librichacl](https://github.com/andreas-gruenbacher/richacl) |
| 71 | +provide the library for general use. This library has all the required functoins |
| 72 | +to set, retrieve, parse and enforce RichACL. |
| 73 | + |
| 74 | +### Linux Kernel with RichACL support |
| 75 | + |
| 76 | +Andreas also provided patches for Ext4 and XFS for RichACL support. These |
| 77 | +modified file-system can be used for testing RichACL. |
| 78 | + |
| 79 | +There are two ways by which GlusterFS can provide RichACL support: |
| 80 | + |
| 81 | +* Underlying file-system provides RichACL support. |
| 82 | + * This is very straight forward, where GlusterFS will pass through |
| 83 | + ACL to the underlying file-system. Underlying file-system will be |
| 84 | + responsible for storing and enforcing RichACL. |
| 85 | + * Since most of the file-system currently not RichACL aware this option |
| 86 | + will not very favourable. |
| 87 | +* GlusterFS provide RichACL support, but use underlying file-system to save |
| 88 | + RichACL. |
| 89 | + |
| 90 | +The development of RichACL is targetted in two phases. In first phase we will |
| 91 | +make use of underlying file-system for storing and enforcing RichACL. In phase |
| 92 | +two we will have complete RichACL support in GlusterFS. |
| 93 | + |
| 94 | + |
| 95 | +### General RichACL flow on Fuse mount |
| 96 | + |
| 97 | +On Fuse we can use setrichacl and getrichacl tools to set and retrieve RichACL. |
| 98 | +These tools convert RichACL calls to setxattr and getxattr calls with the |
| 99 | +assumption that the underlying file-system understand RichACL. Following keys |
| 100 | +are used for setting and retrieving RichACL. |
| 101 | + |
| 102 | +"system.richacl" |
| 103 | + |
| 104 | + |
| 105 | + .------------. <setxattr: binary format, "system.richacl"> .-------------. |
| 106 | + | setrichacl |--------------------------------------------->| Fuse Bridge | |
| 107 | + '------------' Fuse mount '-------------' |
| 108 | + ^ |
| 109 | + | |
| 110 | + <setxattr: string format, "glusterfs.richacl"> | |
| 111 | + | |
| 112 | + v |
| 113 | + .-----------------. |
| 114 | + | Protocol Client | |
| 115 | + '-----------------' |
| 116 | + ^ |
| 117 | + | |
| 118 | + Network X |
| 119 | + | |
| 120 | + v |
| 121 | + .-----------------. |
| 122 | + | Protocol Server | |
| 123 | + '-----------------' |
| 124 | + ^ |
| 125 | + | |
| 126 | + v |
| 127 | + .-----------------. |
| 128 | + (Save RichACL in local ctx | RichACL xlator | |
| 129 | + and enforce RichACL) '-----------------' |
| 130 | + ^ |
| 131 | + | |
| 132 | + v |
| 133 | + .-----------------. |
| 134 | + | POSIX xlator | |
| 135 | + '-----------------' |
| 136 | + ^ |
| 137 | + | |
| 138 | + v |
| 139 | + .-----------------. |
| 140 | + (Save RichACL as extended | File-system | |
| 141 | + attribute, "glusterfs.richacl") '-----------------' |
| 142 | + |
| 143 | + |
| 144 | + |
| 145 | +## Implications on manageability |
| 146 | + |
| 147 | +None |
| 148 | + |
| 149 | +## Implications on presentation layer |
| 150 | + |
| 151 | +None |
| 152 | + |
| 153 | +## Implications on persistence layer |
| 154 | + |
| 155 | +None. |
| 156 | + |
| 157 | + |
| 158 | +## Implications on 'GlusterFS' backend |
| 159 | + |
| 160 | +None. |
| 161 | + |
| 162 | +## Modification to GlusterFS metadata |
| 163 | + |
| 164 | +None. |
| 165 | + |
| 166 | +## Implications on 'glusterd' |
| 167 | + |
| 168 | +None |
| 169 | + |
| 170 | +# How To Test |
| 171 | + |
| 172 | +Steps to test RichACL on Fuse mount |
| 173 | + |
| 174 | +1. Download and install richacl library and tools from [Fedora Repo](https://copr.fedorainfracloud.org/coprs/devos/richacl/package/richacl). |
| 175 | +1. Enable RichACL on volume using volume set option |
| 176 | +1. Mount fuse with ACL option (-o richacl) |
| 177 | +1. Using setrichacl and getrichacl set and retrieve RichACL. |
| 178 | +1. Use chmod to change file permission, and check RichACL. |
| 179 | + |
| 180 | +# Dependencies |
| 181 | + |
| 182 | +* requires librichacl and setrichacl and getrichacl tools for testing. |
| 183 | +* RichACL package is already available in [Fedora][https://apps.fedoraproject.org/packages/richacl] |
| 184 | + |
| 185 | +# Documentation |
| 186 | + |
| 187 | + |
| 188 | +# Status |
| 189 | + |
| 190 | +*Status of development - Design Ready, In development, Completed* |
| 191 | + |
| 192 | +Design Ready. Currently you can set and retrieve richacl using setrichacl |
| 193 | +and getrichacl tools on Fuse mount. Backend brick file-system is a custom |
| 194 | +compiled RichACL supported Ext4 file-system. |
| 195 | + |
| 196 | +First patch is present in github in the following location. |
| 197 | +https://github.com/rajeshjoseph/glusterfs |
| 198 | + |
| 199 | +The code will be soon moved to review.gluster.org after doing some cleanup. |
| 200 | + |
| 201 | +For some time there was no work done on RichACL therefore first I need to get |
| 202 | +the latest RichACL library and Kernel and see the if the existing code still |
| 203 | +works as expected. After fixing those minor issues code will be posted on |
| 204 | +review.gluster.com. |
| 205 | + |
| 206 | +And then we will move to phase II of development where we will use librichacl |
| 207 | +for enforcing RichACL. |
| 208 | + |
| 209 | + |
| 210 | +# Comments and Discussion |
| 211 | + |
| 212 | +*TODO: Link to mailinglist thread(s) and the Gerrit review.* |
0 commit comments