ABE share property for NFS and SMB [PSARC/2009/375 Self Review]

Tue, 30 Jun 2009 19:16:17 -0600 (MDT) 

I am sponsoring this case on behalf of Alan Wright.  Requested binding
is minor/patch.  The case provides a new NFS and SMB share property
enabling ABE filtering.  Since the proposal is so straight-forward I
believe it qualifies for self-review.  If anyone disagrees, please let
me know and I'll promote this to a fast-track.

Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2009 Sun Microsystems
1. Introduction
    1.1. Project/Component Working Name:
         ABE share property for NFS and SMB
    1.2. Name of Document Author/Supplier:
         Author:  Alan Wright
    1.3  Date of This Document:
        30 June, 2009

4. Technical Description
    4.1. Details:

        This case proposes a new share property to support Access Based
        Enumeration (ABE) on NFS and SMB shares.

        The NFS and SMB services will consume the interface defined by
        PSARC/2009/246, which added ABE support to ZFS.  The ABE share
        property will provide administrators with the ability to enable
        ACL based directory content filtering on NFS and SMB shares.
        As described in PSARC/2009/246, with ABE enabled, entries to
        which the requesting user has no access will be omitted from
        the dirent data returned by the file system.

        Additional information is available in the following RFEs:
        6802734 Support for Access Based Enumeration
        6802736 SMB share support for Access Based Enumeration 

        The proposed property name and values are:

                abe=boolean

        Values of type boolean take either true or false.

    4.2. Bug/RFE Number(s):
        6802736 SMB share support for Access Based Enumeration

    4.6. Doc Impact:

        Modifications to the sharemgr(1M) man page:

+        abe=boolean
+
+           Set the access based enumeration (ABE) policy for the share.
+           When set to true ABE filtering is enabled on this share and
+           directory entries to which the requesting user has no access
+           will be omitted from directory listings returned to the client.
+           When set to false or not defined ABE filtering will not be
+           performed on this share.  This property is not defined by
+           default.

6. Resources and Schedule
    6.4. Steering Committee requested information
        6.4.1. Consolidation C-team Name:
                ON
    6.5. ARC review type: Automatic
    6.6. ARC Exposure: open

Reply via email to