From owner-freebsd-security Thu Sep 30 12:22:12 1999
Date: Thu, 30 Sep 1999 15:21:47 -0400 (EDT)
From: Robert Watson
To: Lev Serebryakov
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Filesystem with ACLs
In-Reply-To: <18952.990929@imc.macro.ru>

On Wed, 29 Sep 1999, Lev Serebryakov wrote:

> Hi, All!
>
> Is here some FS with ACLs (NT or Novell Netware-like) for FreeBSD or
> some project to add ACLs to FFS?

Over the past couple of years, a number of people have expressed interest in an ACLfs, but the big sticking point has been the way to implement it. The easiest way to implement would be via a file system layer--i.e., rather than modifying FFS itself, have a layer that you slap on top that adds ACLs to an existing FFS file system. However, the layering code is at present broken in FreeBSD, so before a layer like that could be developed, we'd have to wait for layering to be fixed :-).

The other alternatives considered include modifying FFS at a disk block level to add space for ACLs, bind them to directories and/or files. This means modifying the FFS code, the file system checker, etc, and that would be fairly painful, and probably less likely to be integrated into the base OS because of the changes. Another alternative is to follow the model of the Quota people--store ACL information in a file in the root directory of the FS, and dump changes out to that file as required.

None of these is ideal--the quota and layer mechanisms due to the lack of underlying support, and also because of the consistency issue--ACLs are important when it comes to maintaining consistent versions of meta-data on disk for a file. The modification of FFS introduces significant complications also.

If I had to implement ACLfs today, I'd probably do it the quota approach, even though I think that's an ugly solution, as it would be easiest to implement.

Anyone who lives in FS-land have any news about when/whether layering will work again someday? :-) I saw a sequence of posts on freebsd-fs a while back discussing fixes to the infrastructure for locking and aliasing, but I'm really not up on that stuff.

As to the semantics of ACLs--Posix.1e defines a set of semantics and utilities for managing ACLs. My personal feeling is that they are overly complex and not all that intuitive (they are the same, for reference, as Solaris ACLs). I prefer the Coda/AFS model of having ACLs on directories, and having only limited permissions on files. While this would be messy for a lot of existing UNIX utilities/directories, and messes up hard links, it provides a really simple and intuitive approach to ACL management. At first I found it constraining, but in the end it encouraged me to manage my directory structure better :-). And it was certainly easier to manage 90 sets of directory permissions than over 4000 sets of file permissions.

Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
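
The directory-ACL model mentioned in the message, and the reason it "messes up hard links", shown as an added example that is not part of the original message and is not Coda/AFS code: a simplified C model in which a file has no ACL of its own and is governed by the directory it is reached through. The rights bits, structure names and sample tree are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified rights bits (assumed names, not any real file system's encoding). */
enum { R_LOOKUP = 1, R_READ = 2, R_WRITE = 4 };

struct ace { const char *user; unsigned rights; };
struct dir { const char *name; struct ace acl[4]; int nace; };
/* One name for an inode; two entries with the same inode number are hard links. */
struct hlink { const struct dir *parent; const char *name; int inode; };

/* Constructed sample tree: bob has no entry on "private". */
static const struct dir d_private = { "private", { { "alice", R_LOOKUP | R_READ | R_WRITE } }, 1 };
static const struct dir d_pub = { "pub",
    { { "alice", R_LOOKUP | R_READ | R_WRITE }, { "bob", R_LOOKUP | R_READ } }, 2 };
static const struct hlink links[] = {
    { &d_private, "report", 42 },
    { &d_pub, "report-link", 42 },   /* hard link to the same inode */
    { &d_private, "notes", 43 },
};
#define NLINKS ((int)(sizeof links / sizeof links[0]))

/* Rights a user holds on a directory; no matching entry means no rights. */
unsigned dir_rights(const struct dir *d, const char *user) {
    unsigned r = 0;
    for (int i = 0; i < d->nace; i++)
        if (strcmp(d->acl[i].user, user) == 0) r |= d->acl[i].rights;
    return r;
}

/* The file carries no ACL: the directory it is reached through decides. */
int may_access(const struct hlink *l, const char *user, unsigned want) {
    return (dir_rights(l->parent, user) & want) == want;
}

/* Returns 1 when links to one inode disagree, so access depends on the path used. */
int path_dependent(int inode, const char *user, unsigned want) {
    int allow = 0, deny = 0;
    for (int i = 0; i < NLINKS; i++) {
        if (links[i].inode != inode) continue;
        if (may_access(&links[i], user, want)) allow++; else deny++;
    }
    return allow > 0 && deny > 0;
}

int main(void) {
    for (int i = 0; i < NLINKS; i++)
        printf("%s/%s (inode %d): bob read=%d\n", links[i].parent->name,
               links[i].name, links[i].inode, may_access(&links[i], "bob", R_READ));
    printf("inode 42 path dependent for bob: %d\n", path_dependent(42, "bob", R_READ));
    return 0;
}
```

A checker like `path_dependent` is the kind of audit a directory-ACL design needs if it permits hard links across directories at all; forbidding such links removes the ambiguity instead.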