diff --git a/ctera/src/main/java/ch/cyberduck/core/ctera/README.md b/ctera/src/main/java/ch/cyberduck/core/ctera/README.md index 8487dd7250e..ffa2ec51925 100644 --- a/ctera/src/main/java/ch/cyberduck/core/ctera/README.md +++ b/ctera/src/main/java/ch/cyberduck/core/ctera/README.md @@ -1,10 +1,10 @@ -# CTERA Custom XML fields to support NT-ACL and WORM data +# Custom Properties in namespace `http://www.ctera.com/ns` in DAV Resources to Support NT-ACL and WORM Data -## 2nd line of defense: preflight (Cyberduck) +## Preflight Checks | local | Feature | folder | file | CTERA required permissions | preflight | |------------|-------------|--------|------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------| -| ls | ListService | x | | `readpermission` | -- | +| ls | ListService | x | | `readpermission` | x | | read | Read | | x | `readpermission` | x | | write | Write | | x | `writepermission` | x | | mv | Move | x | | source:`deletepermission` AND target:`writepermission` (if directory exists, i.e. overwrite) AND target's parent: `createdirectoriespermission` | x | 
@@ -14,36 +14,57 @@ | touch | Touch | | x | (future: target's parent `createfilepermission`) | x | | mkdir | Directory | x | | `createdirectoriespermission` | x | | rm / rmdir | Delete | x | x | `deletepermission` | x | -| exec | -- | | x | `executepermission` on file | -- | +| exec | -- | | x | -- | -- | N.B. no need to check `readpermission` upon mv/cp. -## 1st line of defense: filesystem (Mountain Duck) +## Filesystem Mapping ### macOS NFS POSIX -| folder | file | NFS (POSIX) | affected local operations | implementation (`NfsFileSystemDelegate.getattr`) | +| folder | file | NFS (POSIX) | affected local operations | implementation | |--------|------|-------------|--------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------| | | x | `r` | read | `r` <-- `Read.preflight` <-- `readpermission` | -| | x | `x` | exec | `x` <-- TRUE | | x | | `rx` | ls | `rx` <-- `Read.preflight` <-- `readpermission` | | | x | `w` | write, rm, mv source file, mv target file (if exists) | `w` <-- (`Write.preflight` OR `Delete.preflight` <-- (`writepermission` OR `deletepermission`) | | x | | `w` | rmdir, mkdir, mv source folder, mv target folder (if exists) | `w` <-- (`Write.preflight` OR `Delete.preflight` OR `Directory.preflight`) <-- (`writepermission` OR `deletepermission` OR `createdirectoriespermission`) | -N.B. we use `Read` feature for `readpermission` on directories, as well. +N.B. `x` on files is only set for POSIX backends, i.e. never for CTERA. 
### macOS File Provider Capabilities -| folder | file | File Provider capabilities (`DefaultFileProviderItemConverter.toFileProviderItem`) | affected local operations | -|--------|------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| x | x | `NSFileProviderFileSystemUserReadable` <-- TRUE | read, ls | -| x | x | `NSFileProviderFileSystemUserWritable` <-- TRUE | write, mv, touch, mkdir | -| x | x | `NSFileProviderFileSystemUserExecutable` <-- TRUE | exec | -| x | | `NSFileProviderItemCapabilitiesAllowsContentEnumerating` <-- `Read.preflight` <-- `readpermission` | ls | -| | x | `NSFileProviderItemCapabilitiesAllowsReading` <-- `Read.preflight` <-- `readpermission` | read | -| | x | `NSFileProviderItemCapabilitiesAllowsWriting` <-- `Write.preflight` <-- `writepermission` | write | -| x | | `NSFileProviderItemCapabilitiesAllowsAddingSubItems` <-- (`Touch.preflight` (§) OR `Directory.preflight` (§)) <-- (`createdirectoriespermission` OR (future: `createfilepermission`)) == TRUE | mv, touch, mkdir | -| x | x | `NSFileProviderItemCapabilitiesAllowsDeleting` <-- `Delete.preflight` <-- `deletepermission` | rm, rmdir, mv | +| folder | file | File Provider Capabilities | affected local operations | +|--------|------|--------------------------------------------------------------------------------------------|---------------------------| +| x | | `NSFileProviderFileSystemUserReadable` <-- `ListService.preflight` | ls | +| | x | `NSFileProviderFileSystemUserReadable` <-- `Read.preflight` | read | +| x | | `NSFileProviderFileSystemUserWritable` <-- `Touch.preflight` <-- TRUE for CTERA | mv, touch, mkdir | +| | x | `NSFileProviderFileSystemUserWritable` <-- `Write.preflight` | write, mv | +| x | | `NSFileProviderFileSystemUserExecutable` <-- `ListService.preflight` | ls | +| | x | 
`NSFileProviderFileSystemUserExecutable` <-- `permission.isExecutable` <-- FALSE for CTERA | exec | -(§) with random file/directory name +(§) with empty file/directory name +N.B. File Provider sets the `x` flag on all folders independent of `NSFileProviderFileSystemUserExecutable`. + +#### Documentation + +* https://developer.apple.com/documentation/fileprovider/nsfileproviderfilesystemflags +* https://developer.apple.com/documentation/fileprovider/nsfileprovideritemcapabilities + +### Windows ACLs + +| folder | file | access right | affected local operations | implementation (`WindowsAcl.Translate`) | +|--------|------|---------------------|---------------------------------------------------------------------|---------------------------------------------------------| +| | x | `Read` | read, exec | `Read.preflight` <-- `readpermission` | +| x | | `ReadAndExecute` | ls | `ListService.preflight` <-- `readpermission` | +| x | x | `Write` | write, touch, mkdir, mv source file, mv target file (if exists) | `Write.preflight` <-- `writepermission` | +| x | x | `Delete` | rm, rmdir, mv source file/folder, mv target file/folder (if exists) | `Delete.preflight` <-- `deletepermission` | +| x | | `CreateDirectories` | mkdir, mv target folder (if target folder does not exist) | `Directory.preflight` <-- `createdirectoriespermission` | + +N.B. `Write` on folders implies `CreateFiles` (=`WriteData` on files) and `CreateDirectories` (=`AppendData` on files). +N.B. `x` on files is only set for POSIX backends, i.e. never for CTERA. + +#### Documentation + +* https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=net-8.0 + \ No newline at end of file
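Review bot: In the first hunk (`@@ -1,10 +1,10 @@`), renaming `## 2nd line of defense: preflight (Cyberduck)` to `## Preflight Checks` removes the only statement of how the preflight layer relates to the filesystem mapping and which client each applies to. The second hunk does the same to `## 1st line of defense: filesystem (Mountain Duck)`. Please add one sentence under the new heading saying which check decides when the mapped flags are more permissive than the preflight result, as in the new row `NSFileProviderFileSystemUserWritable` <-- `Touch.preflight` <-- TRUE for CTERA. The `ls` row now marks preflight as `x`, so the same sentence could mention that listing is checked against `readpermission` as well.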
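Review bot: In the second hunk (`@@ -14,36 +14,57 @@`), the macOS NFS table still derives the folder `rx` bits from `Read.preflight`, while the File Provider and Windows tables in the same hunk use `ListService.preflight` for `ls`, and the note that explained the old choice ("we use `Read` feature for `readpermission` on directories, as well") is removed. Either change that row to `ListService.preflight` or keep the note. The footnote `(§) with empty file/directory name` is now dangling, since no row in the new File Provider table carries a `(§)` marker, and the added Documentation list links `nsfileprovideritemcapabilities` although every `NSFileProviderItemCapabilities...` row was deleted. In the Windows table, the N.B. says `Write` on folders implies `CreateDirectories`, yet `CreateDirectories` has its own row gated by `Directory.preflight` <-- `createdirectoriespermission`; please state which one wins for a folder that has `writepermission` but not `createdirectoriespermission`. The `Read` row also lists `exec` as an affected operation while the preflight table now shows `--` for exec. The file ends without a trailing newline.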