Date: Fri, 22 Oct 1999 11:48:46 -0400 (EDT)
From: Robert Watson
Reply-To: Robert Watson
To: scott
Cc: freebsd-arch@freebsd.org, freebsd-security@freebsd.org
Subject: Re: VFS, vnodes, and ACLs: Thoughts and Questions on integrating POSIX.1e ACLs into FreeBSD
In-Reply-To: <19991022112650.A93123@chronis.pobox.com>

I've put the mailing lists back in the CC for my response because I include references to specifications, web pages, etc, below that answer some other people's questions also.

On Fri, 22 Oct 1999, scott wrote:

> On Fri, Oct 22, 1999 at 10:25:52AM -0400, Robert Watson wrote:
> >
> > I'm in the process of reviewing the POSIX.1e draft to begin implementing
> > ACLs. As you're probably aware, all other major UNIX distributions have
> > extended ACL support available, if not turned on in the default file
> > system. For those that have been following the POSIX.1e list recently,
> > I've posted a summary of some of the ways they get them into the FS (IRIX:
> > has general purpose attribute support; Solaris: an extra inode and file
> > structure for each ACL; Linux: an extra block pointer in the inode) -- and
> > now I have some questions about adding this support to FreeBSD.
> >
>
> While I don't have the expertise to answer your questions, I am very
> interested in the topic of ACLs for the filesystem, and am wondering
> if you can supply me with pointers to the POSIX.1e ACL specification and
> discussions.
>
> I'd love to see a *good* ACL for FreeBSD. In particular, the admin
> should be able to disallow symlinking in world-writable directories,
> choose what users and on what ttys can execute what set*id programs,
> etc.
>
> I'm glad to see you taking an interest in this, and if I can get up to
> speed on the standard you are referring to and some of the fs source
> code, I'll certainly help out with ACLs for FreeBSD in any way I can.

You can find information on the FreeBSD POSIX.1e implementation at

http://www.watson.org/fbsd-hardening/posix1e/

Currently only information on our auditing implementation is online; we have most of a MAC implementation that I'll put online shortly, and ACLs are the next one we're working on.

The spec does not define ACL rights for all the things you discuss for directories, but does provide an extensible environment for rights, so it's possible to fit them into the framework in a consistent way. At this point I'm in the design phase for FreeBSD ACLs and any advice and suggestions are greatly welcome -- I'm a competent C and kernel programmer, but this is my first in-depth interaction with VFS/vnodes, so it's a learning experience for me also.

There's a link from the page to a general POSIX.1e page including downloads of the specs (although redistribution is limited by our agreement with IEEE). POSIX.1e defines standard interfaces for ACLs, Capabilities, MAC, Information Labels, and Auditing. It's a withdrawn draft, but some components are quite implementable, and are being implemented by a number of folk.

There's also a posix1e mailing list for cross-platform and portability discussions that can be subscribed to by sending mail containing "subscribe posix1e" to majordomo@cyrus.watson.org. The posting address is posix1e@cyrus.watson.org. A web-accessible archive is available courtesy of securityfocus.com -- it doesn't go back all the way to the beginning of the list, but includes a lot of the interesting recent discussions on MAC, ACLs, etc, including some reviews of ACL implementations on different platforms from a design perspective. I also have a complete archive available via anonymous imap from server cyrus.watson.org, mailbox lists.sec.posix1e.

Please let me know if you have any trouble accessing web pages, mailing lists, etc, and I'll see what I can do.

Robert N M Watson             robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message