acl_xattr vs acl_tdb
in [Samba]
|
Prev: [Samba] xp logon issue
Next: ?: winbind dont start
From: simo on 26 Mar 2010 13:00 On Fri, 2010-03-26 at 09:43 -0700, Jeremy Allison wrote: > On Fri, Mar 26, 2010 at 12:40:49PM -0400, simo wrote: > > On Fri, 2010-03-26 at 12:28 -0400, simo wrote: > > > On Fri, 2010-03-26 at 10:53 -0400, simo wrote: > > > > On Fri, 2010-03-26 at 13:06 +0000, Miguel Medalha wrote: > > > > > > If I remember correctly XFS used to have a size limit of 64KiB per > > > > > > xattr. > > > > > > > > > > > > > > > > What about ext3 & ext4? > > > > > > > > Always IIRC, they should be limited by the inode size, which is 4KiB, > > > > but this information is old, and should be verified for ext4. > > > > > > Ok I just checked. > > > On ext4 the total size of *all* xattrs can't be larger than 4k and some. > > > > > > There is only 1 block you can allocate beyond the file inode. > > > > > > So careful on the amount of data you store in ext4 attrs. If you think > > > you'll have fatty Windows ACLs to store I guess XFS is a better choice > > > right now. > > > > Ah just to add insult to injury, remember that the xattr space is shared > > with selinux labels *and* posix ACLs contents. > > > > So it is a tight spot indeed. > > And don't forget the DOS attributes as well :-). pesky dos attributes :-) and yes if you think it is too tight a space it is time to open RFE bugs in your favorite upstream distribution to ask ext4 developers to please add more space. It is possible, although it may hurt performance on big xattrs I think it is better to loose some in perf. than not being able to save an ACL ... Simo. -- Simo Sorce Samba Team GPL Compliance Officer <simo(a)samba.org> Principal Software Engineer at Red Hat, Inc. <simo(a)redhat.com> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Jeremy Allison on 26 Mar 2010 13:20 On Fri, Mar 26, 2010 at 05:57:27PM +0100, Adrian Berlin wrote: > Hi! > Thanks everyone for answer. So acl_tdb has unlimited storage for extended acls > and acl_xattr has 64KB per xattr? acl_tdb isn't unlimited, it's ahas a 4GB limit on the size of the tdb (until we get 64-bit tdb support). > I have one more question. How many acl can be stored in 64KB? Depends on the size of the ACL, which depends on how many DACL entries it has. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: simo on 26 Mar 2010 13:50 On Fri, 2010-03-26 at 10:10 -0700, Jeremy Allison wrote: > On Fri, Mar 26, 2010 at 05:57:27PM +0100, Adrian Berlin wrote: > > Hi! > > Thanks everyone for answer. So acl_tdb has unlimited storage for extended acls > > and acl_xattr has 64KB per xattr? > > acl_tdb isn't unlimited, it's ahas a 4GB limit on the size > of the tdb (until we get 64-bit tdb support). > > > I have one more question. How many acl can be stored in 64KB? > > Depends on the size of the ACL, which depends on how many DACL > entries it has. > > Jeremy <pedantic> The actual correct reply to the question is 1. As you can have no more than 1 ACL per file/directory. </pedantic> That said unless you have pathological ACLs with a huge number of ACEs then 64KiB should be large enough to hold any ACL you will use for any specific file or directory. Simo. -- Simo Sorce Samba Team GPL Compliance Officer <simo(a)samba.org> Principal Software Engineer at Red Hat, Inc. <simo(a)redhat.com> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Stan Hoeppner on 27 Mar 2010 00:10 Volker Lendecke put forth on 3/26/2010 7:39 AM: > On Fri, Mar 26, 2010 at 08:38:19AM -0400, simo wrote: >>>> There's something I would really like to know! But somehow it seems to >>>> be a secret of the gods that us mere mortals are not allowed to penetrate... >>> >>> Please say if there is any size restriction for xattrs in >>> XFS. Hopefully there is none, which would mean that you can >>> fill the whole file system with a single security descriptor >>> if you wish. >> >> If I remember correctly XFS used to have a size limit of 64KiB per >> xattr. > > Shall I call you god now? :-) No me. Err, wikipedia: XFS provides multiple data streams for files through its implementation of extended attributes. These allow the storage of a number of name/value pairs attached to a file. Names are null-terminated printable character strings of up to 256 bytes in length, while their associated values can contain up to 64 KB of binary data. They are further subdivided into two namespaces, root and user. Extended attributes stored in the root namespace can be modified only by the superuser, while attributes in the user namespace can be modified by any user with permission to write to the file. Extended attributes can be attached to any kind of XFS inode, including symbolic links, device nodes, directories, etc. The attr program can be used to manipulate extended attributes from the command line, and the xfsdump and xfsrestore utilities are aware of them and will back up and restore their contents. Most other backup systems are not aware of extended attributes. -- Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Miguel Medalha on 27 Mar 2010 09:50
>> Shall I call you god now? :-) >> > No me. Err, wikipedia: > Why invoke wikipedia when "man attr" is at hand? Quote: ------------------------ This document describes the attr command, which is mostly compatible with the IRIX command of the same name. It is thus aimed specifically at users of the XFS filesystem - for filesystem independent extended attribute manipulation, consult the getfattr(1) and setfattr(1) docu- mentation. In the XFS filesystem, the names can be up to 256 bytes in length, ter- minated by the first 0 byte. The intent is that they be printable ASCII (or other character set) names for the attribute. The values can be up to 64KB of arbitrary binary data. Attributes can be attached to all types of XFS inodes: regular files, directories, symbolic links, device nodes, etc. XFS uses 2 disjoint attribute name spaces associated with every filesystem object. They are the root and user address spaces. The root address space is accessable only to the superuser, and then only by specifying a flag argument to the function call. Other users will not see or be able to modify attributes in the root address space. The user address space is protected by the normal file permissions mecha- nism, so the owner of the file can decide who is able to see and/or modify the value of attributes on any particular file. ------------------------ The question still stands in what concerns ext3/ext4. About a year ago I posted the following to this Samba list: ------------------------ I am now experimenting with samba 3.3.0 and acl_xattr. I can see that there is another method of storing Windows ACLs: acl_tdb. Can someone here tell me something about the relative merits and demerits of those two methods? I am using CentOS with an ext3 filesystem. ------------------------ The (only) answer I got was the following: ------------------------ xattrs have size limitations on most file systems, so you won't be able to store truly large ACLs. Don't know the numbers for ext3. The tdb one is there for file systems without xattrs or with too severe limitations for them, but it has issues with native unix backup/restore (acls are indexed by inode). ------------------------ And that was all. Hence my comment about the "secrets of the gods". Samba comes with several methods of storing ACLs. Is it too much to ask for just a little information about them so that the users can make a decision, even if those users are not experts on the inwards of filesystem development? Than you to all who posted answers my question. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |