From owner-freebsd-hackers  Thu Jul 22 18:19:34 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from smtp02.teb1.iconnet.net (smtp02.teb1.iconnet.net [209.3.218.43])
	by hub.freebsd.org (Postfix) with ESMTP id B53BD14C57
	for <hackers@freebsd.org>; Thu, 22 Jul 1999 18:19:30 -0700 (PDT)
	(envelope-from babkin@bellatlantic.net)
Received: from bellatlantic.net (client-117-224.bellatlantic.net [151.198.117.224])
	by smtp02.teb1.iconnet.net (8.9.1/8.9.1) with ESMTP id VAA18623;
	Thu, 22 Jul 1999 21:19:22 -0400 (EDT)
Message-ID: <3797C3CD.A1F5D24B@bellatlantic.net>
Date: Thu, 22 Jul 1999 21:22:21 -0400
From: Sergey Babkin <babkin@bellatlantic.net>
X-Mailer: Mozilla 4.07 [en] (X11; I; FreeBSD 3.0-980222-SNAP i386)
MIME-Version: 1.0
To: "Daniel C. Sobral" <dcs@newsguy.com>, hackers@freebsd.org
Subject: Re: Proposed substitution for ACLs
References: <3787FB9D.3CDF0839@bellatlantic.net> <37882150.87A93451@newsguy.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Daniel C. Sobral wrote:
> 
> Sergey Babkin wrote:
> >
> > I want to propose a simple substitution for ACLs. No, here
> > is no patch yet but I'm ready and willing to do it. The reason
> > why I want to discuss it first is that this is a Political Thing.
> > And  if the Core Team decides that it's a Bad Thing, I suppose
> > it will never get commited to the system. Because of this I
> > would like to see some encouraging signs from the Core Team
> > before implementing it.
> 
> Do whatever you want: as a fs layer.

Speaking about the fs layers, can you please advise me on the current
state of nullfs ? Is it working now ? I have checked GNATS about this
and did not quite understood whether the results of a lengthly
discussion in there on this subject were ever committed.

On the other hand, I'm not sure whether implementing it as an FS
layer is a good idea. It is certainly possible to do by snooping
at the getattr/setattr calls but IMHO it will mean completely bypassing
the VOP_ACCESS of the underlying filesystem what may be not good.

On the other hand the changes to ufs_assess() seem to be quite small
and cover all the UFS type filesystems, such as FFS and EXT2FS.

Of course yet another option is to create one more fs type with all
the operations in the filesystem switch the same as for FFS except
for ufs_access().

What would be your recommendation ? Thanks!

Here is the proposed patch (made against 3.2). If it will be
considered OK I'll write some man page and LINT kernel entry too.
I'm not sure whether the sysctl sub-node vfs.ufs is really neccessary
but it seems to be logical.

-------------------------- cut here -----------------------------
*** /sys/ufs/ufs/ufs_vnops.c    1999/07/15 14:50:53     1.1
--- /sys/ufs/ufs/ufs_vnops.c    1999/07/22 18:16:28
***************
*** 57,62 ****
--- 57,63 ----
  #include <sys/dirent.h>
  #include <sys/lockf.h>
  #include <sys/poll.h>
+ #include <sys/sysctl.h>
  
  #include <vm/vm_zone.h>
  #include <vm/vm.h>
***************
*** 104,109 ****
--- 105,128 ----
  static int ufsspec_read __P((struct vop_read_args *));
  static int ufsspec_write __P((struct vop_write_args *));
  
+ #ifdef ENABLE_UFS_COMMONID
+ /*
+  * Sysctl variables to control the unified user and
+  * group ID space.
+  * commonid is the lowest ID from which the common UID/GID space starts
+  * MINCOMMONID is the minimal value, if commonid is lower then the
+  * common ID space is disabled
+  */
+ 
+ #define MINCOMMONID   100
+ 
+ SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RW, 0, "Local Unix-type filesystems");
+ static int commonid=0;
+ SYSCTL_INT(_vfs_ufs, OID_AUTO, commonid, CTLFLAG_RW, &commonid, 0,
+       "Lowest ID for the common GID/UID space");
+ 
+ #endif
+ 
  union _qcvt {
        int64_t qcvt;
        int32_t val[2];
***************
*** 339,344 ****
--- 360,382 ----
                        mask |= S_IWUSR;
                return ((ip->i_mode & mask) == mask ? 0 : EACCES);
        }
+ 
+ #ifdef ENABLE_UFS_COMMONID
+       /* if the common UID/GID is enabled check the groups against the file UID */
+       if (commonid >= MINCOMMONID && ip->i_uid >= commonid) {
+               for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; 
+                               i++, gp++)
+                       if (ip->i_uid == *gp) {
+                               if (mode & VEXEC)
+                                       mask |= S_IXUSR;
+                               if (mode & VREAD)
+                                       mask |= S_IRUSR;
+                               if (mode & VWRITE)
+                                       mask |= S_IWUSR;
+                               return ((ip->i_mode & mask) == mask ? 0 : EACCES);
+                       }
+       }
+ #endif
  
        /* Otherwise, check the groups. */
        for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
--------------------------- cut here ------------------------------------

-SB


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message