Re: Changes to SFTP v6: change in acl present flag

[Joseph Galbraith <galb-list%vandyke.com@localhost>]

Okay, I have a new plan-- people should like
this.

I haven't heard anyone that has implemented
this yet, so I'm going to change w/o bumping
version number.

+ Remove the acl present flag.  The meaning
  of an absent acl (and an empty acl) is
  different enough so that I don't want to
  deal with it.

+ For NT, I'll use a acl-info%vandyke.com@localhost
  extension to allow me to communicate
  the extra info, which should only be
  needed rarely.

Speak now if you have objections to this
plan.

Thanks,

Joseph

Joseph Galbraith wrote:
> Do we have people already shipping SFTP v6
> style attributes?
>
> Implementation experience has just taught me that
> I need both the boolean acl-present and the count field
> in the ACL.
>
> Even when the access control part of the acl is not
> present, there still may be auditing / system alarm
> entries present.
>
> I propose changing the current text to the following:
>
> > If the 'acl-present' flag is not set, it indicates that
> > the file does not have an ACL, as opposed to having an
> > empty ACL.  An empty ACL grants no access, not having
> > an ACL grants all access. This is distinct from the
> > case of SSH_FILEXFER_ATTR_ACL not being present in the
> > attrib flags. If SSH_FILEXFER_ATTR_ACL is not present,
> > the client can not deduce whether the server does not
> > support ACLs, did not check the ACL (because doing
> > so was expensive), or had some other reason for
> > omitting the data.
> >
> > When the 'acl-prenent' flag is not set, there may still
> > be system audit or alarm type entries in the list.
>
> Thanks,
>
> Joseph