zfs discuss - Oct 2006 - Re: [request-sponsor] request sponsor for #4890717

Jeremy Teo wrote:
> Hello,
> 
> request sponsor for #4890717 want append-only files.
> 
> I have a working prototype where the administrator can put a zfs fs
> into "append only" mode by setting the zfs "appendonly"
property to
> "on" using zfs(1M).
> 
> "append only" mode in this case means
> 
> 1. Applications can only append to any existing files, but cannot
> truncate files by creating a new file with the same filename an
> existing file, or by writing in a file at an offset other than the end
> of the file. (Applications can still create new files)
> 
> 2. Applications cannot remove existing files/directories.
> 
> 3. Applications cannot rename/move existing files/directories.
> 
> Thanks! I hope this is still wanted. :)
> 
How does this interact with the a append_only ACL that ZFS supports ?

How does this property work in the face of inheritance.

How does this property work in the the user delegation environment ?

-- 
Darren J Moffat

On 05/10/2006, at 8:10 AM, Darren J Moffat wrote:
> Jeremy Teo wrote:
>> Hello,
>> request sponsor for #4890717 want append-only files.
>> I have a working prototype where the administrator can put a zfs fs
>> into "append only" mode by setting the zfs
"appendonly" property to
>> "on" using zfs(1M).
>> "append only" mode in this case means
>> 1. Applications can only append to any existing files, but cannot
>> truncate files by creating a new file with the same filename an
>> existing file, or by writing in a file at an offset other than the  
>> end
>> of the file. (Applications can still create new files)
>> 2. Applications cannot remove existing files/directories.
>> 3. Applications cannot rename/move existing files/directories.
>> Thanks! I hope this is still wanted. :)
>
> How does this interact with the a append_only ACL that ZFS supports ?
>
> How does this property work in the face of inheritance.
>
> How does this property work in the the user delegation environment ?
I was wondering the same thing. Personally, I''d rather see the  
append_only ACL work than a whole new fs property.

Last time I looked there was some problem with append_only, but I  
can''t remember what it was.

Boyd

Boyd Adamson wrote:
> On 05/10/2006, at 8:10 AM, Darren J Moffat wrote:
>> Jeremy Teo wrote:
>>> Hello,
>>> request sponsor for #4890717 want append-only files.
>>> I have a working prototype where the administrator can put a zfs fs
>>> into "append only" mode by setting the zfs
"appendonly" property to
>>> "on" using zfs(1M).
>>> "append only" mode in this case means
>>> 1. Applications can only append to any existing files, but cannot
>>> truncate files by creating a new file with the same filename an
>>> existing file, or by writing in a file at an offset other than the
end
>>> of the file. (Applications can still create new files)
>>> 2. Applications cannot remove existing files/directories.
>>> 3. Applications cannot rename/move existing files/directories.
>>> Thanks! I hope this is still wanted. :)
>>
>> How does this interact with the a append_only ACL that ZFS supports ?
>>
>> How does this property work in the face of inheritance.
>>
>> How does this property work in the the user delegation environment ?
> 
> I was wondering the same thing. Personally, I''d rather see the 
> append_only ACL work than a whole new fs property.
> 
> Last time I looked there was some problem with append_only, but I
can''t
> remember what it was.
> 
The basic problem at the moment with append_only via ACLs is the following:

We have a problem with the NFS server, where there is no notion of 
O_APPEND.  An open operation over NFS does not convey whether the client 
wishes to append or do a general write; only at the time of a write 
operation can the server see whether the client is appending. 
Therefore, a process could receive an error, e.g. ERANGE, EOVERFLOW, or 
ENOSPC, upon issuing an attempted write() somewhere other than at EOF. 
This adds unwanted overhead in the write path.

I recently created a prototype that adds support for append only files 
in local ZFS file systems via ACLs.  However, NFS clients will receive 
EACCES when attempting to open append only files.


    -Mark

On 05/10/2006, at 11:28 AM, Mark Shellenbaum wrote:
> Boyd Adamson wrote:
>> On 05/10/2006, at 8:10 AM, Darren J Moffat wrote:
>>> Jeremy Teo wrote:
>>>> Hello,
>>>> request sponsor for #4890717 want append-only files.
>>>> I have a working prototype where the administrator can put a
zfs fs
>>>> into "append only" mode by setting the zfs
"appendonly" property to
>>>> "on" using zfs(1M).
>>>> "append only" mode in this case means
>>>> 1. Applications can only append to any existing files, but
cannot
>>>> truncate files by creating a new file with the same filename an
>>>> existing file, or by writing in a file at an offset other than
>>>> the end
>>>> of the file. (Applications can still create new files)
>>>> 2. Applications cannot remove existing files/directories.
>>>> 3. Applications cannot rename/move existing files/directories.
>>>> Thanks! I hope this is still wanted. :)
>>>
>>> How does this interact with the a append_only ACL that ZFS  
>>> supports ?
>>>
>>> How does this property work in the face of inheritance.
>>>
>>> How does this property work in the the user delegation environment
?
>> I was wondering the same thing. Personally, I''d rather see the
>> append_only ACL work than a whole new fs property.
>> Last time I looked there was some problem with append_only, but I  
>> can''t remember what it was.
>
> The basic problem at the moment with append_only via ACLs is the  
> following:
>
> We have a problem with the NFS server, where there is no notion of  
> O_APPEND.  An open operation over NFS does not convey whether the  
> client wishes to append or do a general write; only at the time of  
> a write operation can the server see whether the client is  
> appending. Therefore, a process could receive an error, e.g.  
> ERANGE, EOVERFLOW, or ENOSPC, upon issuing an attempted write()  
> somewhere other than at EOF. This adds unwanted overhead in the  
> write path.
>
> I recently created a prototype that adds support for append only  
> files in local ZFS file systems via ACLs.  However, NFS clients  
> will receive EACCES when attempting to open append only files.
Ah, that''s right... it was NFS over ZFS. Am I the only person who  
sees it as odd that an ACL feature derived from NFSv4 is, in fact,  
not implemented in NFSv4?