Merge pull request #15805 from iterate-ch/feature/CTERA-136-update-do…
…cumentation

Update CTERA README.md.
dkocher committed Apr 30, 2024
2 parents 46db104 + 90d5ec6 commit 5b9e7cd
Showing 1 changed file with 40 additions and 19 deletions.
59 changes: 40 additions & 19 deletions ctera/src/main/java/ch/cyberduck/core/ctera/README.md
@@ -1,10 +1,10 @@
# CTERA Custom XML fields to support NT-ACL and WORM data
# Custom Properties in namespace `http://www.ctera.com/ns` in DAV Resources to Support NT-ACL and WORM Data

## 2nd line of defense: preflight (Cyberduck)
## Preflight Checks

| local | Feature | folder | file | CTERA required permissions | preflight |
|------------|-------------|--------|------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------|
| ls | ListService | x | | `readpermission` | -- |
| ls | ListService | x | | `readpermission` | x |
| read | Read | | x | `readpermission` | x |
| write | Write | | x | `writepermission` | x |
| mv | Move | x | | source:`deletepermission` AND target:`writepermission` (if directory exists, i.e. overwrite) AND target's parent: `createdirectoriespermission` | x |
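
Review bot: the renamed heading `## Preflight Checks` no longer says that these checks run in Cyberduck or that they are the second line of defense, both of which the old `## 2nd line of defense: preflight (Cyberduck)` heading stated. Consider one sentence under the heading naming the component that evaluates the preflight and its order relative to the filesystem mapping. The `ListService` row also flips its preflight column from `--` to `x`; a short remark on why listing is now preflighted would help readers comparing versions.
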
@@ -14,36 +14,57 @@
| touch | Touch | | x | (future: target's parent `createfilepermission`) | x |
| mkdir | Directory | x | | `createdirectoriespermission` | x |
| rm / rmdir | Delete | x | x | `deletepermission` | x |
| exec | -- | | x | `executepermission` on file | -- |
| exec | -- | | x | -- | -- |

N.B. no need to check `readpermission` upon mv/cp.

## 1st line of defense: filesystem (Mountain Duck)
## Filesystem Mapping

### macOS NFS POSIX

| folder | file | NFS (POSIX) | affected local operations | implementation (`NfsFileSystemDelegate.getattr`) |
| folder | file | NFS (POSIX) | affected local operations | implementation |
|--------|------|-------------|--------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|
| | x | `r` | read | `r` <-- `Read.preflight` <-- `readpermission` |
| | x | `x` | exec | `x` <-- TRUE |
| x | | `rx` | ls | `rx` <-- `Read.preflight` <-- `readpermission` |
| | x | `w` | write, rm, mv source file, mv target file (if exists) | `w` <-- (`Write.preflight` OR `Delete.preflight` <-- (`writepermission` OR `deletepermission`) |
| x | | `w` | rmdir, mkdir, mv source folder, mv target folder (if exists) | `w` <-- (`Write.preflight` OR `Delete.preflight` OR `Directory.preflight`) <-- (`writepermission` OR `deletepermission` OR `createdirectoriespermission`) |

N.B. we use `Read` feature for `readpermission` on directories, as well.
N.B. `x` on files is only set for POSIX backends, i.e. never for CTERA.

### macOS File Provider Capabilities

| folder | file | File Provider capabilities (`DefaultFileProviderItemConverter.toFileProviderItem`) | affected local operations |
|--------|------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------|
| x | x | `NSFileProviderFileSystemUserReadable` <-- TRUE | read, ls |
| x | x | `NSFileProviderFileSystemUserWritable` <-- TRUE | write, mv, touch, mkdir |
| x | x | `NSFileProviderFileSystemUserExecutable` <-- TRUE | exec |
| x | | `NSFileProviderItemCapabilitiesAllowsContentEnumerating` <-- `Read.preflight` <-- `readpermission` | ls |
| | x | `NSFileProviderItemCapabilitiesAllowsReading` <-- `Read.preflight` <-- `readpermission` | read |
| | x | `NSFileProviderItemCapabilitiesAllowsWriting` <-- `Write.preflight` <-- `writepermission` | write |
| x | | `NSFileProviderItemCapabilitiesAllowsAddingSubItems` <-- (`Touch.preflight` (§) OR `Directory.preflight` (§)) <-- (`createdirectoriespermission` OR (future: `createfilepermission`)) == TRUE | mv, touch, mkdir |
| x | x | `NSFileProviderItemCapabilitiesAllowsDeleting` <-- `Delete.preflight` <-- `deletepermission` | rm, rmdir, mv |
| folder | file | File Provider Capabilities | affected local operations |
|--------|------|--------------------------------------------------------------------------------------------|---------------------------|
| x | | `NSFileProviderFileSystemUserReadable` <-- `ListService.preflight` | ls |
| | x | `NSFileProviderFileSystemUserReadable` <-- `Read.preflight` | read |
| x | | `NSFileProviderFileSystemUserWritable` <-- `Touch.preflight` <-- TRUE for CTERA | mv, touch, mkdir |
| | x | `NSFileProviderFileSystemUserWritable` <-- `Write.preflight` | write, mv |
| x | | `NSFileProviderFileSystemUserExecutable` <-- `ListService.preflight` | ls |
| | x | `NSFileProviderFileSystemUserExecutable` <-- `permission.isExecutable` <-- FALSE for CTERA | exec |

(§) with random file/directory name
(§) with empty file/directory name

N.B. File Provider sets the `x` flag on all folders independent of `NSFileProviderFileSystemUserExecutable`.

#### Documentation

* https://developer.apple.com/documentation/fileprovider/nsfileproviderfilesystemflags
* https://developer.apple.com/documentation/fileprovider/nsfileprovideritemcapabilities

### Windows ACLs

| folder | file | access right | affected local operations | implementation (`WindowsAcl.Translate`) |
|--------|------|---------------------|---------------------------------------------------------------------|---------------------------------------------------------|
| | x | `Read` | read, exec | `Read.preflight` <-- `readpermission` |
| x | | `ReadAndExecute` | ls | `ListService.preflight` <-- `readpermission` |
| x | x | `Write` | write, touch, mkdir, mv source file, mv target file (if exists) | `Write.preflight` <-- `writepermission` |
| x | x | `Delete` | rm, rmdir, mv source file/folder, mv target file/folder (if exists) | `Delete.preflight` <-- `deletepermission` |
| x | | `CreateDirectories` | mkdir, mv target folder (if target folder does not exist) | `Directory.preflight` <-- `createdirectoriespermission` |

N.B. `Write` on folders implies `CreateFiles` (=`WriteData` on files) and `CreateDirectories` (=`AppendData` on files).
N.B. `x` on files is only set for POSIX backends, i.e. never for CTERA.

#### Documentation

* https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=net-8.0
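
Review bot: in the Windows ACLs table, `Write` on a folder is derived from `Write.preflight` <-- `writepermission` alone, and the N.B. under the table states that `Write` on folders implies `CreateDirectories`, so the separate `CreateDirectories` row gated on `createdirectoriespermission` has no effect whenever `writepermission` is set. Either document that mkdir is then stopped only by the `Directory` preflight, or map folder write to a right that does not include `CreateDirectories`. Separately, the `(§)` footnote is kept (now "with empty file/directory name") although no row of the new File Provider table carries a `(§)` marker, and the NFS file row `x` <-- TRUE reads as contradicting the note that `x` on files is never set for CTERA.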
