From owner-freebsd-fs@FreeBSD.ORG Fri Oct 22 12:41:42 2004
From: Robert Watson <robert@fledge.watson.org>
Date: Fri, 22 Oct 2004 08:41:21 -0400 (EDT)
To: Seva Tonkonoh
cc: freebsd-fs@freebsd.org
Subject: Re: acl question

On Thu, 21 Oct 2004, Seva Tonkonoh wrote:

> I am interested in the following problem:
>
> My process is running as root. I want to check if some user is allowed
> to access a file. Can I use ACL API to achieve that, or is there any
> other way?
>
> The process is multithreaded, so I am not sure if I can use setuid().

Currently the only reliable way to check an ACL in place on a file against
a credential is to adopt that credential for the duration of the system
call.
As you point out, this presents a problem for traditionally (POSIX) threaded
apps, as they share a single process credential (although there can be
slightly weak consistency: a thread maintains its credential from the start
of the system call for the duration of the system call, regardless of
changes by other threads).

However, as the man pages for access(2) and eaccess(2) point out, you have
to be very careful about having user applications performing access control
checks rather than adopting the right credential, as otherwise there's a
risk of nasty races.

It's also worth noting, btw, that in order to evaluate an ACL, you need not
just the uid, but also a complete set of groups for the user, so setuid()
alone is not enough to set up for an access control check.

Is there a way you can avoid this requirement in your application, or does
the need to use threads (for performance or the like) prevent taking a more
process-centric model?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research
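One way to do the credential-adopting check described above from a multithreaded root process, as an added C example that is not from this thread: resolve the user's uid and complete group list, fork a short-lived child that adopts them, and let the child run access(2) so the caller's own threads never change identity. The helper names and the 128-group bound are assumptions; the fork-per-check layout is the process-centric model the reply suggests.

```c
#define _GNU_SOURCE                 /* glibc needs this for getgrouplist(); harmless on FreeBSD */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_GROUPS 128              /* assumed bound; a longer list fails closed below */
struct user_cred { uid_t uid; gid_t gid; gid_t groups[MAX_GROUPS]; int ngroups; };

/* Resolve a user name to uid, primary gid and the COMPLETE supplementary group list,
 * since an ACL evaluation needs all of them.  Returns 0 on success, -1 for an unknown
 * user or a group list that did not fit whole. */
int resolve_user_cred(const char *name, struct user_cred *c)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    if (getpwnam_r(name, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    c->uid = pw.pw_uid;
    c->gid = pw.pw_gid;
    c->ngroups = MAX_GROUPS;
    if (getgrouplist(name, pw.pw_gid, c->groups, &c->ngroups) == -1)
        return -1;                  /* truncated: a check with missing groups is wrong */
    return 0;
}

/* Run access(2) for `user` on `path` (mode R_OK/W_OK/X_OK) after adopting that user's
 * full credential in a short-lived child, so the caller's threads never change identity.
 * Returns 1 allowed, 0 denied, -1 check not possible (unknown user, not privileged
 * enough to switch credential, missing path, fork/wait failure).  The result is only
 * valid at the instant of the check: perform the real operation under the same
 * credential instead of trusting this answer later (the race access(2) warns about). */
int access_as_user(const char *user, const char *path, int mode)
{
    struct user_cred c;
    int status;
    pid_t pid;
    if (resolve_user_cred(user, &c) == -1 || (pid = fork()) == -1)
        return -1;
    if (pid == 0) {                 /* child: groups while still privileged, then gid, uid last */
        if (setgroups(c.ngroups, c.groups) == -1 || setgid(c.gid) == -1 || setuid(c.uid) == -1)
            _exit(2);
        _exit(access(path, mode) == 0 ? 0 : errno == EACCES ? 1 : 3);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}
```

The child calls nothing but the credential switch, access(2) and _exit(), which keeps it safe to fork from a threaded parent; the name lookup happens in the parent before the fork.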