Skip to content

Commit

Permalink
Update CTERA README.md.
Browse files Browse the repository at this point in the history
  • Loading branch information
@chenkins
chenkins committed Apr 17, 2024
1 parent 1508c37 commit 5dca38b
Showing 1 changed file with 35 additions and 14 deletions.
49 changes: 35 additions & 14 deletions ctera/src/main/java/ch/cyberduck/core/ctera/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

| local | Feature | folder | file | CTERA required permissions | preflight |
|------------|-------------|--------|------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------|
| ls | ListService | x | | `readpermission` | -- |
| ls | ListService | x | | `readpermission` | x |
| read | Read | | x | `readpermission` | x |
| write | Write | | x | `writepermission` | x |
| mv | Move | x | | source:`deletepermission` AND target:`writepermission` (if directory exists, i.e. overwrite) AND target's parent: `createdirectoriespermission` | x |
Expand All @@ -20,7 +20,7 @@ N.B. no need to check `readpermission` upon mv/cp.

## 1st line of defense: filesystem (Mountain Duck)

### macOS NFS POSIX
### macOS NFS POSIX (=mode sync)

| folder | file | NFS (POSIX) | affected local operations | implementation (`NfsFileSystemDelegate.getattr`) |
|--------|------|-------------|--------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|
Expand All @@ -32,18 +32,39 @@ N.B. no need to check `readpermission` upon mv/cp.

N.B. we use `Read` feature for `readpermission` on directories, as well.

### macOS File Provider Capabilities
### macOS File Provider Capabilities (=mode integrated)

| folder | file | File Provider capabilities (`DefaultFileProviderItemConverter.toFileProviderItem`) | affected local operations |
|--------|------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------|
| x | x | `NSFileProviderFileSystemUserReadable` <-- TRUE | read, ls |
| x | x | `NSFileProviderFileSystemUserWritable` <-- TRUE | write, mv, touch, mkdir |
| x | x | `NSFileProviderFileSystemUserExecutable` <-- TRUE | exec |
| x | | `NSFileProviderItemCapabilitiesAllowsContentEnumerating` <-- `Read.preflight` <-- `readpermission` | ls |
| | x | `NSFileProviderItemCapabilitiesAllowsReading` <-- `Read.preflight` <-- `readpermission` | read |
| | x | `NSFileProviderItemCapabilitiesAllowsWriting` <-- `Write.preflight` <-- `writepermission` | write |
| x | | `NSFileProviderItemCapabilitiesAllowsAddingSubItems` <-- (`Touch.preflight` (§) OR `Directory.preflight` (§)) <-- (`createdirectoriespermission` OR (future: `createfilepermission`)) == TRUE | mv, touch, mkdir |
| x | x | `NSFileProviderItemCapabilitiesAllowsDeleting` <-- `Delete.preflight` <-- `deletepermission` | rm, rmdir, mv |
| folder | file | File Provider capabilities (`DefaultFileProviderItemConverter.toFileProviderItem`) | affected local operations |
|--------|------|--------------------------------------------------------------------------------------------|---------------------------|
| x | | `NSFileProviderFileSystemUserReadable` <-- `ListService.preflight` | ls |
| | x | `NSFileProviderFileSystemUserReadable` <-- `Read.preflight` | read |
| x | | `NSFileProviderFileSystemUserWritable` <-- `Touch.preflight` <-- TRUE for CTERA | mv, touch, mkdir |
| | x | `NSFileProviderFileSystemUserWritable` <-- `Write.preflight` | write, mv |
| x | | `NSFileProviderFileSystemUserExecutable` <-- `ListService.preflight` | ls |
| | x | `NSFileProviderFileSystemUserExecutable` <-- `permission.isExecutable` <-- FALSE for CTERA | exec |

(§) with random file/directory name
(§) with empty file/directory name

N.B. File Provider sets the `x` flag on all folders independent of `NSFileProviderFileSystemUserExecutable`.

#### Documentation

* https://developer.apple.com/documentation/fileprovider/nsfileproviderfilesystemflags
* https://developer.apple.com/documentation/fileprovider/nsfileprovideritemcapabilities

### Windows (Cloud Files API (=mode integrated) and CBFS (=mode sync))

| folder | file | access right | affected local operations | implementation (`WindowsAcl.Translate`) |
|--------|------|---------------------|---------------------------------------------------------------------|---------------------------------------------------------|
| | x | `ReadAndExecute` | read, exec, ls | `Read.preflight` <-- `readpermission` |
| x | | `ReadAndExecute` | ls | `ListService.preflight` <-- `readpermission` |
| x | x | `Write` | write, touch, mkdir, mv source file, mv target file (if exists) | `Write.preflight` <-- `writepermission` |
| x | x | `Delete` | rm, rmdir, mv source file/folder, mv target file/folder (if exists) | `Delete.preflight` <-- `deletepermission` |
| x | | `CreateDirectories` | mkdir, mv target folder (if target folder does not exist) | `Directory.preflight` <-- `createdirectoriespermission` |

N.B. `Write` on folders implies `CreateFiles` (=`WriteData` on files) and `CreateDirectories` (=`AppendData` on files).

#### Documentation

* https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=net-8.0

0 comments on commit 5dca38b

Please sign in to comment.