From: Robert Watson
Date: Tue, 5 Aug 2003 10:46:47 -0400 (EDT)
To: "Scott M. Likens"
cc: current@freebsd.org
Subject: Re: ACLS on UFS2 from FreeBSD 5.1-RELEASE install.
In-Reply-To: <1059854534.46751.0.camel@acheron.livid.de>
List-Id: Discussions about the use of FreeBSD-current

On 2 Aug 2003, Scott M. Likens wrote:

> Has anyone noticed the ACLS being disabled?
>
> tunefs -p /dev/da1s1c shows that ACLS are disabled on every partition I
> have, I've gone through them all.
>
> Any reason why?

Yes -- they are disabled by default because they're not required by most
users, and as a new (and slightly experimental) feature, involve a
slightly greater risk of problems. I believe I added support to
sysinstall to enable ACLs during the partition process; if not, you can
enable them later using tunefs.

One of the difficulties associated with ACLs is that not all applications
understand them -- while the failure mode is predictable and relatively
clean, it means that you may sometimes lose ACLs on objects when they are
replaced by an application without ACL support. For example, some
applications will move a file out of the way and create a new copy when
updating a file -- if they don't understand ACLs, they can't propagate
the ACL from the old object to the new object. Also, several of the base
system utilities (such as mv) don't currently propagate ACLs. I hope to
fix up a number of them for 5.3, but I suspect we'll bump into such
programs once in a while as we move forwards.

Most of the performance loss associated with ACLs on UFS1 has been
eliminated through UFS2, which is a point in favor of enabling ACLs by
default. Once they've settled for some time and the feedback is all
looking good, we might choose to enable them by default. Disabling by
default is consistent with several other systems also supporting ACLs.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
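
The failure mode described in the reply above (an application replaces a file and the new copy comes back without the old ACL) can be checked for by comparing getfacl output taken before and after the update. The following is an added example, not part of the original message or of FreeBSD; the file name, users, groups and both ACL listings are constructed sample data, and the function names are hypothetical.

```python
# Constructed getfacl(1)-style output for one path, before and after an
# application rewrote the file by creating a new copy (sample data only).
BEFORE = """\
# file: report.txt
# owner: scott
user::rw-
user:alice:rw-
group::r--
group:audit:r--
mask::rw-
other::---
"""

AFTER = """\
# file: report.txt
# owner: scott
user::rw-
group::r--
other::---
"""

def parse_getfacl(text):
    """Return {(tag, qualifier): perms} from getfacl-style text."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop header and trailing comments
        if not line:
            continue
        tag, qualifier, perms = line.split(":", 2)
        entries[(tag, qualifier)] = perms.strip()
    return entries

def is_extended(tag, qualifier):
    """Named user/group entries and the mask exist only in an extended ACL."""
    return tag == "mask" or (tag in ("user", "group") and qualifier != "")

def lost_entries(before, after):
    """Extended entries present before the update but missing or changed after."""
    old, new = parse_getfacl(before), parse_getfacl(after)
    return sorted(
        (tag, qual, perms)
        for (tag, qual), perms in old.items()
        if is_extended(tag, qual) and new.get((tag, qual)) != perms
    )

if __name__ == "__main__":
    for tag, qual, perms in lost_entries(BEFORE, AFTER):
        print(f"lost: {tag}:{qual}:{perms}")
```

The base entries (user::, group::, other::) survive a replace because they map to the ordinary mode bits; only the named entries and the mask are reported.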