Skip to content

Whm/volcreate acls #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
whm wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Whm/volcreate acls #15

whm wants to merge 3 commits into from

Conversation

@whm
Copy link
Collaborator

@whm whm commented Aug 20, 2025

Update volcreate processing of ACLs to allow volume creation of volumes with no ACLs to proceed without warnings.

whm added 3 commits August 18, 2025 22:24
@whm
Update volcreate processing of ACLs
0f6000e 
Update volcreate processing of ACLs to allow volume creation
of volumes with no ACLs to proceed without warnings.
@whm
Update version strings in scripts
68f6c07
@whm
Merge branch 'master' into whm/volcreate-acls
9faf994
jaltman
jaltman reviewed Aug 25, 2025
View reviewed changes
Copy link
Member

@jaltman jaltman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@whm please consider the ordering of actions and whether volcreate should permit the setting of volume maximum acls and volume ownership in addition to the volume root directory acl.

volcreate
die 'Failed to backup volume (status ', ($? >> 8), ")\n";
}

# Set the acls on the volume
Copy link
Member

@jaltman jaltman Aug 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the backup volume is created before the setting of the optional root acls, then the created .backup will not be protected by those acls.

volcreate
# Set the acls on the volume
my @this_acl_list = get_acl_list($volume, @acls);
if (scalar(@this_acl_list) > 0) {
@cmd = ($VOS, 'setrootacl');
Copy link
Member

@jaltman jaltman Aug 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is setting the volume root directory acl.

Should "volcreate" also provide for an option of setting the volume maximum acl?
"vos setmaxacl". The volume maximum acl is the maximum set of rights that can be granted by users that have administrator privilege on directories, files, etc.

Should "volcreate" also permit the volume owner to be assigned? "vos setowner". The volume owner is a "pts id" (user or group). The volume owner is permitted to fetch the contents of all directories, symlinks and mountpoints. The volume owner may also modify ACLs on all objects in the volume.

@whm
Copy link
Collaborator Author

whm commented Aug 25, 2025

I will re-order the backup volume and root acl setting.

I will need to think a bit how to add support for setmaxacl. The original command line used only positional arguments and the last arguments could be any number of ACLs. setmacacl also needs to allow for an arbitrary number of ACLs. It makes sense to be to add support for setmaxacl as a command line switch, e.g. --setmacacl="user access user2 access". I think it would be a good time to check that all of the positional arguments can be specified as switches.

It might make sense to also add support for a configuration file similar to volcreate=logs to allow the specification of defaults selected with regex's.

If you have an opinion or suggestion let me know. I am traveling right now and won't be back to a place where I can work on this until Thursday.

@jaltman
Copy link
Member

jaltman commented Sep 3, 2025

I will re-order the backup volume and root acl setting.

Thanks

I will need to think a bit how to add support for setmaxacl. The original command line used only positional arguments and the last arguments could be any number of ACLs. setmacacl also needs to allow for an arbitrary number of ACLs. It makes sense to be to add support for setmaxacl as a command line switch, e.g. --setmacacl="user access user2 access". I think it would be a good time to check that all of the positional arguments can be specified as switches.

I agree that it would be a good idea to review switches. When using the vos command line suite the setting of volume root acl, volume max acl, volume ownership, etc would all be performed as separate commands. Whereas voscreate is attempting to accept all of the settings on a single command line. Since each ACL is really a list of ACEs (names_set, rights) it cannot be parsed correctly when relying upon positional input.

It might make sense to also add support for a configuration file similar to volcreate=logs to allow the specification of defaults selected with regex's.

That is a good idea. @macrotex, what is your expected use case?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jaltman jaltman jaltman left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@jaltman jaltman

@whm whm

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@whm @jaltman