Date: Thu, 30 Sep 1999 15:21:47 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: Lev Serebryakov <lev@imc.macro.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Filesystem with ACLs Message-ID: <Pine.BSF.3.96.990930151459.21230A-100000@fledge.watson.org> In-Reply-To: <18952.990929@imc.macro.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Sep 1999, Lev Serebryakov wrote: > Hi, All! > > Is here some FS with ACLs (NT or Novell Netware-like) for FreeBSD or > some project to add ACLs to FFS? Over the past couple of years, a number of people have expressed interest in an ACLfs, but the big sticking point has been the way to implement it. The easiest way to implement would be via a file system layer--i.e., rather than modifying FFS itself, have a layer that you slap on top that adds ACLs to an existing FFS file system. However, the layering code is at present broken in FreeBSD, so before a layer like that could be developed, we'd have to wait for layering to be fixed :-). The other alternatives considered include modifying FFS at a disk block level to add space for ACLs, bind them to directories and/or files. This means modifying the FFS code, the file system checker, etc, and that would be fairly painful, and probably less likely to be integrated into the base OS because of the changes. Another alternative is to follow the model of the Quota people--store ACL informatino in t a file in the root directory of the FS, and dump changes out to that file as required. None of these is ideal--the quota and layer mechanisms due to the lack of underlying support, and also because of the consistency issue--ACLs are important when it comes to maintaining consistent versions of meta-data on disk for a file. The modification of FFS introduces significant complications also. If I had to implement ACLfs today, I'd probably do it the quota approach, even though I think that's an ugly solution, as it would be easiest to implement. Anyone who lives in FS-land have ay news about when/whether layering will work again someday? :-) I saw a sequence of posts on freebsd-fs a while back discussing fixes to the infrastructure for locking and aliasing, but I'm really not up on that stuff. As to the semantics of ACLs--Posix.1e defines a set of semantics and utilities for managing ACLs. My personal feeling is that they are overly complex and not all that intuitive (they are the same, for reference, as Solaris ACLs). I prefer the Coda/AFS model of having ACLs on directories, and having only limited permissions on files. While this would be messy for a lot of existing UNIX utitilies/directories, and messes up hard links, it provides a really simple and intuitive approach to ACL management. At first I found it constraining, but in the end it encouraged me to manage my directory structure better :-). And it was certainly easier to manage 90 sets of directory permissions that over 4000 sets of file permissions. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990930151459.21230A-100000>