[Question] nfsacl: why deny owner mode when deny user
From: zhangjian (CG)
Date: Mon Dec 08 2025 - 05:06:56 EST
When a user's read bit is denied by nfs4_setfacl, the owner's read bit is
also denied.
Example:
[root@localhost ~]# nfs4_getfacl test/a
# file: test/a
A::OWNER@:rwatTcCy
A::1000:rwatcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy
[root@localhost ~]# nfs4_setfacl -a D::1000:r test/a
[root@localhost ~]# nfs4_getfacl test/a
# file: test/a
D::OWNER@:r
A::OWNER@:watTcCy
D::1000:r
A::1000:watcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy
In the function process_one_v4_ace, I see that the read bit is denied for the owner:
	case ACL_USER:
		i = find_uid(state, state->users, ace->who);
		if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
			allow_bits(&state->users->aces[i].perms, mask);
		} else {
			deny_bits(&state->users->aces[i].perms, mask);
			mask = state->users->aces[i].perms.deny;
			deny_bits(&state->owner, mask);
		}
This change was committed in 09229ed. But I wonder why it is implemented
like this.
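
A reduced model of the branch quoted above, added here as an illustration and not taken from the kernel source or the original post: it replays the post's ACL over r and w bits for the owner and one named user, with and without the deny propagated to the owner. The bodies of allow_bits and deny_bits, the ACE ordering (new deny ACE first) and all struct and function names other than allow_bits/deny_bits are assumptions.

```c
#include <stdio.h>

#define P_R 0x1u	/* simplified permission bits, constructed for this example */
#define P_W 0x2u

struct ace_state { unsigned allow, deny; };
struct state { struct ace_state owner, user; };	/* one named user only */
struct ace { int is_deny, is_owner; unsigned mask; };

/* Assumed helper semantics: the first ACE that mentions a bit decides it. */
static void allow_bits(struct ace_state *s, unsigned m) { s->allow |= m & ~s->deny; }
static void deny_bits(struct ace_state *s, unsigned m) { s->deny |= m & ~s->allow; }

/* Mirrors the ACL_USER branch quoted in the post. propagate=0 skips the
 * deny_bits(&state->owner, ...) step so the two results can be compared. */
static void process_ace(struct state *st, const struct ace *a, int propagate)
{
	if (a->is_owner) {
		if (a->is_deny)
			deny_bits(&st->owner, a->mask);
		else
			allow_bits(&st->owner, a->mask);
	} else if (!a->is_deny) {
		allow_bits(&st->user, a->mask);
	} else {
		deny_bits(&st->user, a->mask);
		if (propagate)
			deny_bits(&st->owner, st->user.deny);
	}
}

/* ACL from the post after "nfs4_setfacl -a D::1000:r", reduced to r and w. */
static struct state run(int propagate)
{
	static const struct ace acl[] = {
		{ 1, 0, P_R },		/* D::1000:r */
		{ 0, 1, P_R | P_W },	/* A::OWNER@:rw... */
		{ 0, 0, P_R | P_W },	/* A::1000:rw... */
	};
	struct state st = { { 0, 0 }, { 0, 0 } };
	for (unsigned i = 0; i < sizeof(acl) / sizeof(acl[0]); i++)
		process_ace(&st, &acl[i], propagate);
	return st;
}

int main(void)
{
	printf("owner allow with propagation: %#x, without: %#x\n",
	       run(1).owner.allow, run(0).owner.allow);
	return 0;
}
```

With propagation the owner ends up with w allowed and r denied, matching the D::OWNER@:r / A::OWNER@:watTcCy pair in the nfs4_getfacl output above.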