[Xapian-tickets] [Xapian] #632: ACL support for omindex

Xapian nobody at xapian.org
Mon Mar 10 04:34:45 GMT 2014


#632: ACL support for omindex
-------------------------+-------------------------
 Reporter:  egarette     |             Owner:  olly
     Type:  enhancement  |            Status:  new
 Priority:  normal       |         Milestone:
Component:  Other        |           Version:
 Severity:  normal       |        Resolution:
 Keywords:               |        Blocked By:
 Blocking:               |  Operating System:  All
-------------------------+-------------------------
\
\
\
\
\
\

Comment (by olly):

 Thanks for the patch.  Some thoughts:

 The switch in {{{get_acls()}}} is missing {{{break;}}} at the end of the
 cases.  If this is deliberate, it really deserves a comment to make it
 clear this isn't an oversight.

 You seem to have removed the code which suppresses adding I<user> and
 I@<group> terms when the file is world-readable (and so has an I* term).
 What's the reasoning behind that?

 I don't understand the logic for adding O and G prefixed terms from ACLs.
 These are meant to indicate which user and group '''own''' the file, so
 you can search for "all files owned by X".

 I don't understand how your patch handles an ACL saying who '''can't'''
 read a file.  You need to add V prefixed terms for those.

 The change from mtime to ctime will mean that the "last modified" time
 reported in the Omega UI will now in general not actually be the last time
 the contents of the file were changed.

 I'm also slightly concerned that the mtime -> ctime change will result in
 reindexing files in many more cases - e.g. if I tar up a file tree and
 Xapian database and untar it on another machine (as a non-privileged
 user), the mtimes are preserved but the ctimes change.  So this change
 would mean that omindex would have to reindex every document in this case
 (and without root access, I don't think one can avoid that).

 I think we probably need to store the ctime separately (so lastmod still
 works as before) and make whether ctime or mtime is used for reindexing an
 option, or else find a better way to know when ACLs have changed - perhaps
 only checking the ACL for changes if the ctime has changed but the mtime
 hasn't.

 It would also be good to have some some tests for this, which create some
 files and set up ACLs on them, index them, and check the results of
 filtering match what they should.

 I have a patch waiting to be merged which handles ACLs on SMB shares -
 I'll dig that out and compare it.  In that patch, I just ignored the issue
 of the ACLs changing after a file had been indexed (at worst it means a
 user can see document they would once have been able to read in the search
 results, and any snippets shown will come from the version they were able
 to read).
\
\
\

--
Ticket URL: <http://trac.xapian.org/ticket/632#comment:1>
Xapian <http://xapian.org/>
Xapian



More information about the Xapian-tickets mailing list