Date: Wed, 22 Oct 1997 19:25:04 -0600
From: Greg Skafte <skafte@worldgate.com>
To: Wes Peters - Softweyr LLC <softweyr@xmission.com>
Cc: chat@freebsd.org
Subject: Re: C2 Trusted FreeBSD?
Message-ID: <19971022192504.30720@worldgate.com>
In-Reply-To: <199710230105.TAA13328@xmission.xmission.com>; from Wes Peters - Softweyr LLC on Wed, Oct 22, 1997 at 07:05:39PM -0600
References: <19971021205331.53826@worldgate.com> <199710230105.TAA13328@xmission.xmission.com>

Quoting Wes Peters - Softweyr LLC (softweyr@xmission.com)
On Subject: Re: C2 Trusted FreeBSD?
Date: Wed, Oct 22, 1997 at 07:05:39PM -0600

> > back in a former life when I worked for a company that had
> > an HP, I set up extended ACLs all the time, it was very handy
> > for controlling access to things like web directories. (ie
> > yes everyone was part of group http, but then with the extended
> > ACL I could force things to g=rwx, but still control who could
> > read or write to a specific tree) ACLs take some extra time
> > and effort but in the long term I found them wonderful...
>
> Yes, but how do you back them up, or, worse yet, restore them? How do
> you copy your HTML directory tree to another drive you're bringing
> on-line and preserve all the ACL settings? As noted before, *none*
> of the system tools support the ACLs. If you created, for instance,
> a version of TAR that backed up the ACL information, it would be
> incompatible with every other version of tar in the world.*

actually to back up and restore you need to use the HP equivalent
of dump/restore (fbackup/frecover) which was extended to support
ACL's ... the HP version of tar had some ACL support but not as
good as fbackup frecover. the HP cp/mv were acl extended and would
preserve the acls on a given file/directory.

>
> Tools are a part of the reason ACLs aren't a standard part of UNIX.
> They're not that hard to implement, especially not if you do it
> the way HP did, which simply extends the inode information by a
> fixed amount.

yup .... and HP provided a library interface for all the acl routines
that made hacking acl support into things very easy

>
> *The one exception was a backup program called DBR, which is no longer
> sold. On HP-UX and AIX, it could save the ACL information using
> cpio -c format and maintain compatibility with standard cpio by using
> cute tricks in the cpio format. It would use a 1024 byte buffer for
> the filename, and then place the null-terminated filename in the
> buffer, followed by the ACL information. Cpio would happily extract
> the full 1024 bytes of filename info and then open the null-terminated
> filename, ignoring the ACL data. In order to restore the ACL information,
> you had to restore with DBR, but *any* cpio could get the file data
> off the tape. Cute, eh?
>
> --
> "Where am I, and what am I doing in this handbasket?"
>
> Wes Peters                                      Softweyr LLC
> http://www.xmission.com/~softweyr               softweyr@xmission.com

--
Email: skafte@worldgate.com
Voice: +403 413 1910
Fax: +403 421 4929
#575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1
--
--
When things can't get any worse, they simplify themselves by getting a
whole lot worse then complicated. A complete and utter disaster is the
simplest thing in the world; it's preventing one that's complex.
(Janet Morris)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971022192504.30720>
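
The filename-buffer trick quoted above for DBR, sketched as an added example (not code from the message, from DBR, or from any cpio implementation). It assumes the POSIX portable ASCII (odc) header layout for `cpio -c`; the function names and the ACL text are constructed, since the message does not give DBR's encoding.

```python
HDR_LEN = 76        # odc header: 6-byte magic, then 7x6, 11, 6, 11 octal ASCII digits
NAME_FIELD = 1024   # fixed name buffer size given in the message

def pack_entry(name, data=b"", acl=b"", mode=0o100644):
    """Build one entry; when acl is given, store it after the name's NUL."""
    field = name + b"\0"
    if acl:
        if len(field) + len(acl) > NAME_FIELD:
            raise ValueError("name plus ACL data exceeds the name buffer")
        field = (field + acl).ljust(NAME_FIELD, b"\0")
    # Field order after the magic: dev, ino, mode, uid, gid, nlink, rdev.
    hdr = b"070707" + b"".join(b"%06o" % v for v in (0, 1, mode, 0, 0, 1, 0))
    # Then mtime, namesize (counts the NUL and anything after it), filesize.
    hdr += b"%011o%06o%011o" % (0, len(field), len(data))
    return hdr + field + data

def read_entry(buf, off=0):
    """Return (name, trailing_bytes, data, next_offset) for the entry at off."""
    hdr = buf[off:off + HDR_LEN]
    if len(hdr) != HDR_LEN or hdr[:6] != b"070707":
        raise ValueError("not an odc cpio header")
    namesize, filesize = int(hdr[59:65], 8), int(hdr[65:76], 8)
    start = off + HDR_LEN
    field = buf[start:start + namesize]
    data = buf[start + namesize:start + namesize + filesize]
    if len(field) != namesize or len(data) != filesize or b"\0" not in field:
        raise ValueError("truncated or malformed entry")
    # A plain cpio treats the name as a C string, so it stops at the first NUL;
    # an ACL-aware reader also keeps what follows it.
    name, _, tail = field.partition(b"\0")
    return name, tail.rstrip(b"\0"), data, start + namesize + filesize

def list_archive(buf):
    """Yield (name, trailing_bytes, data) until the TRAILER!!! entry."""
    off = 0
    while True:
        name, tail, data, off = read_entry(buf, off)
        if name == b"TRAILER!!!":
            return
        yield name, tail, data

# Constructed sample: the ACL text is a made-up encoding for illustration.
SAMPLE_ACL = b"user:webadmin:rwx,group:http:r-x\n"
ARCHIVE = (pack_entry(b"htdocs/index.html", b"<html></html>\n", SAMPLE_ACL)
           + pack_entry(b"htdocs/plain.txt", b"no acl\n")
           + pack_entry(b"TRAILER!!!", mode=0))

if __name__ == "__main__":
    for name, tail, data in list_archive(ARCHIVE):
        print(name.decode(), len(data), "bytes; after-NUL data:", tail or None)
```

A reader that keeps only `name` behaves like the plain cpio in the message: the file data comes back, but the bytes after the NUL are dropped, so the ACLs are lost unless an ACL-aware reader restores them.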