Darren J Moffat <Darren.Moffat at Sun.COM> wrote: > Tim Haley wrote: >> I am sponsoring this case on behalf of Alan Wright. Requested binding >> is minor/patch. The case provides a new NFS and SMB share property >> enabling ABE filtering. Since the proposal is so straight-forward I >> believe it qualifies for self-review. If anyone disagrees, please let >> me know and I'll promote this to a fast-track. >> >> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI >> This information is Copyright 2009 Sun Microsystems >> 1. Introduction >> 1.1. Project/Component Working Name: >> ABE share property for NFS and SMB >> 1.2. Name of Document Author/Supplier: >> Author: Alan Wright >> 1.3 Date of This Document: >> 30 June, 2009 >> >> 4. Technical Description >> 4.1. Details: >> >> This case proposes a new share property to support Access Based >> Enumeration (ABE) on NFS and SMB shares. >> >> The NFS and SMB services will consume the interface defined by >> PSARC/2009/246, which added ABE support to ZFS. The ABE share >> property will provide administrators with the ability to enable >> ACL based directory content filtering on NFS and SMB shares. >> As described in PSARC/2009/246, with ABE enabled, entries to >> which the requesting user has no access will be omitted from >> the dirent data returned by the file system. >> >> Additional information is available in the following RFEs: >> 6802734 Support for Access Based Enumeration >> 6802736 SMB share support for Access Based Enumeration >> >> The proposed property name and values are: >> >> abe=boolean > > IMO that isn't a very descriptive name for end admins isn't there > anything better ? If there isn't then fair-enough.
It's generally known as ABE. > Is this a ZPL property or a normal one ? Neither. > Why is this a separate per dataset property rather than an option for > sharenfs or sharesmb ? It's a regular per-share property that can be set via sharemgr or via sharenfs/sharesmb. > I'm assuming the answer is because like the > oplocks discussion in PSARC/2009/140 ie it has to be the same for all > shares of the dataset (which for CIFS can overlap but can't for NFS). > Actually given that what is the reason this isn't an option for the smb > property (obviously that doesn't allow it to be used for NFS) ? There are no restrictions related to overlapping shares for this property. You can share the same directory twice with different ABE settings. One share will filter readdir requests, the other won't. Alan
