Date: 29 Nov 1999 04:44:52 +0100 From: Assar Westerlund <assar@sics.se> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: "Ilmar S. Habibulin" <ilmar@ints.ru>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, freebsd-security@freebsd.org Subject: Re: ACLs 0.1 for FreeBSD 3.3-RELEASE Message-ID: <5lr9haotaj.fsf@foo.sics.se> In-Reply-To: Robert Watson's message of "Sun, 28 Nov 1999 07:43:50 -0500 (EST)" References: <Pine.BSF.3.96.991128073147.6450A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson <robert@cyrus.watson.org> writes:
> > So I ported it to -current (and fixed some nits at the same time).
> > But now that machine doesn't seem to come back up and I don't have
> > physically access to it. :-( But I should be able to send you the
> > code hopefully later today or tomorrow. Next step is adding support
> > for vop_{get,set}acl to arla :-)
The kernel patches are at
<http://www.sics.se/~assar/freebsd-patches/acl-current-19991129.gz>;
I'll also make diffs incorporate the library and the user-level
programs available at a URL close to that.
> Yes -- this was a change I was making over the DARPA ActiveNets workshop
> and lost track of, as I didn't have a crash machine with me. I guess the
> best thing to do would be to get your version committed to -CURRENT, and
> then I can resync on -CURERNT as my development tree and continue work
> from there?
I think so.
> I feel two directions of pull here--the first is to produce as
> near-POSIX.1e implementation as possible to maximize the chances of
> portability and consistency across platforms; the other is to maximize
> what I think of as the most desirable functionality, which approximates
> what Coda and AFS use (directory-only permissions, and a bit more specific
> than read/write/execute). For the implementation, I went with
> almost-exactly-POSIX, and feel we should probably do that for local file
> systems, but that the issue of introducing Coda/AFS permission sets into
> the interface, as they are permitted by the draft, is an interesting one
> and should be looked at in detail.
I'm more interested in getting something useful (and somewhat
generic). I haven't given any thought as to have to map AFS ACLs into
Posix ones.
> If you don't have a copy of the spec, we should get a copy to you. I
> believe Winni put a copy online and posted to bugtraq a while back, and
> that it is off of his POSIX.1e page? We have permission from IEEE to
> redistribute it as long as new downloaders agree not to redistribute it
> themselves, the normal "don't blaim IEEE if it breaks your life", etc,
> etc.
I don't have the spec and didn't find it at Winni's page either.
/assar
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5lr9haotaj.fsf>