ACLs: what to return for fs that doesn't support them?
Robert Watson
robert at cyrus.watson.org
Tue Oct 26 15:11:20 GMT 1999
While I don't have on the fs support for ACLs on FreeBSD yet, I do have
the kernel infrastructure and so on. Since I don't have it in the base
fs, the question comes up: What should acl_{get,set}_{file,fd} return when
the base FS doesn't support ACLs? The two possibilities appear to be:

1) EOPNOTSUPP (operation not supported)
2) Emulate ACLs based on permissions, rejecting submission of
   unsupported ACLs for the FS

This brings up the related issue for file systems such as Coda and AFS
that support ACLs that look similar, but have some differences: both
support ACLs that assign specific sets of rights to specific users or
groups. However, they are a different set of rights than the UNIX rights
with somewhat different semantics (they have admin, read, lookup, insert,
delete, lock on directories, normal user permissions on files, no default
ACLs). Also, their group IDs come out of the same namespace as their user
IDs. It seems like useful behavior would be to allow getting but not
setting of ACLs for Coda. Perhaps the same applies to normal permissions,
but given the similarity between POSIX.1e ACLs and permissions, full
emulation would be possible, albeit possibly less intuitive to the
user.

Robert N M Watson
robert at fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
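
Option 2 from the message above, sketched as an added example that is not part of the original post and is not FreeBSD code: a "get" synthesizes the three-entry minimal ACL from the mode bits, and a "set" is accepted only when the ACL can be stored back as mode bits. The ex_* types and function names are hypothetical, and returning EINVAL for a malformed ACL is an assumption of this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

/* Hypothetical entry layout for this example (not FreeBSD's acl_t). */
enum ex_tag { EX_USER_OBJ, EX_USER, EX_GROUP_OBJ, EX_GROUP, EX_MASK, EX_OTHER };
struct ex_entry { enum ex_tag tag; unsigned id; unsigned perm; /* r=4 w=2 x=1 */ };

/* "get": build the minimal ACL (owner, owning group, other) from mode bits. */
int ex_acl_from_mode(mode_t mode, struct ex_entry out[3])
{
    out[0] = (struct ex_entry){ EX_USER_OBJ,  0, (mode >> 6) & 7 };
    out[1] = (struct ex_entry){ EX_GROUP_OBJ, 0, (mode >> 3) & 7 };
    out[2] = (struct ex_entry){ EX_OTHER,     0, mode & 7 };
    return 3; /* number of entries written */
}

/* "set": returns 0 and updates *mode, or an errno value and leaves it alone. */
int ex_acl_to_mode(const struct ex_entry *e, size_t n, mode_t *mode)
{
    const unsigned all = (1u << 6) | (1u << 3) | 1u;
    unsigned seen = 0;
    mode_t m = *mode & ~(mode_t)0777;   /* keep setuid/setgid/sticky bits */

    for (size_t i = 0; i < n; i++) {
        unsigned shift;
        switch (e[i].tag) {
        case EX_USER_OBJ:  shift = 6; break;
        case EX_GROUP_OBJ: shift = 3; break;
        case EX_OTHER:     shift = 0; break;
        default:           return EOPNOTSUPP; /* named user/group or mask */
        }
        if (e[i].perm > 7 || (seen & (1u << shift)))
            return EINVAL;              /* bad perm bits or duplicate entry */
        seen |= 1u << shift;
        m |= (mode_t)(e[i].perm << shift);
    }
    if (seen != all)
        return EINVAL;                  /* a required entry is missing */
    *mode = m;
    return 0;
}

int main(void)
{
    struct ex_entry acl[3];
    mode_t mode = 0640;
    ex_acl_from_mode(mode, acl);
    return ex_acl_to_mode(acl, 3, &mode); /* round trip succeeds: 0 */
}
```

The only ACLs this emulation rejects with EOPNOTSUPP are those carrying named-user, named-group or mask entries, which is the "rejecting submission of unsupported ACLs" case.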