[Xapian-tickets] [Xapian] #632: ACL support for omindex
Xapian
nobody at xapian.org
Mon Mar 10 04:34:45 GMT 2014
#632: ACL support for omindex
-------------------------+-------------------------
Reporter: egarette | Owner: olly
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Other | Version:
Severity: normal | Resolution:
Keywords: | Blocked By:
Blocking: | Operating System: All
-------------------------+-------------------------
\
\
\
\
\
\
Comment (by olly):
Thanks for the patch. Some thoughts:
The switch in {{{get_acls()}}} is missing {{{break;}}} at the end of the
cases. If this is deliberate, it really deserves a comment to make it
clear this isn't an oversight.
You seem to have removed the code which suppresses adding I<user> and
I@<group> terms when the file is world-readable (and so has an I* term).
What's the reasoning behind that?
I don't understand the logic for adding O and G prefixed terms from ACLs.
These are meant to indicate which user and group '''own''' the file, so
you can search for "all files owned by X".
I don't understand how your patch handles an ACL saying who '''can't'''
read a file. You need to add V prefixed terms for those.
The change from mtime to ctime will mean that the "last modified" time
reported in the Omega UI will now in general not actually be the last time
the contents of the file were changed.
I'm also slightly concerned that the mtime -> ctime change will result in
reindexing files in many more cases - e.g. if I tar up a file tree and
Xapian database and untar it on another machine (as a non-privileged
user), the mtimes are preserved but the ctimes change. So this change
would mean that omindex would have to reindex every document in this case
(and without root access, I don't think one can avoid that).
I think we probably need to store the ctime separately (so lastmod still
works as before) and make whether ctime or mtime is used for reindexing an
option, or else find a better way to know when ACLs have changed - perhaps
only checking the ACL for changes if the ctime has changed but the mtime
hasn't.
It would also be good to have some some tests for this, which create some
files and set up ACLs on them, index them, and check the results of
filtering match what they should.
I have a patch waiting to be merged which handles ACLs on SMB shares -
I'll dig that out and compare it. In that patch, I just ignored the issue
of the ACLs changing after a file had been indexed (at worst it means a
user can see document they would once have been able to read in the search
results, and any snippets shown will come from the version they were able
to read).
\
\
\
--
Ticket URL: <http://trac.xapian.org/ticket/632#comment:1>
Xapian <http://xapian.org/>
Xapian
More information about the Xapian-tickets
mailing list