Extending text-format ACLs

Robert Watson rwatson at FreeBSD.org
Wed Apr 14 02:09:13 GMT 2004 

On Mon, 5 Apr 2004, Tim Kientzle wrote:

> Implementing ACL support for tar is a tricky business.  In particular,
> POSIX.1e draft 17 seems to overlook a critical point:  archived ACL
> information *MUST* contain both username/groupname and uid/gid.  That's
> the only way you can correctly support situations where user information
> may be unavailable[1] or have changed[2]. 
> 
> Joerg Schilling's solution with 'star' was to add an ID field, e.g.,
> 
>     user:testuser:rw-:1798
> 
> Joerg claims this is compatible with POSIX.1e, which seems reasonable to
> me, and I've implemented this in my own libarchive.  However, I notice
> that FreeBSD's acl_from_text, in particular, chokes on this format.
> 
> Question:  Are there alternatives that have been implemented elsewhere? 
> (At a minimum, I would like libarchive to be able to read any common ACL
> format.)
> 
> Question:  Should FreeBSD's implementation of acl_from_text or
> text_from_acl support this?  (Possibly simply by ignoring the additional
> field?)

I'm not convinced POSIX.1e actually thinks it is reasonable to accept the
above format, but I'm also fine with us either choosing to be more liberal
in what we accept, or in adding extended interfaces that interpret the
alternative format.  Presumably, we'd also need an extended acl_to_text() 
interface that allowed you to request the extended format.  I seem to
recall Andreas provides a version of acl_to_text() on Linux that accepts a
flags argument, which can be used to specify interest in the abbreviated
("short") ACL format as output, etc

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research


> [1] Consider the case where someone is trying to clean up a trojaned
> system by restoring from backups while disconnected from NIS.  In this
> case, user/group names are not useful; numeric IDs are essential. 
> 
> [2] Consider a case where separately-maintained systems are being
> brought under a common NIS domain, requiring user/group IDs to change. 
> In this case, user/group names must be used on restore.  In particular,
> a system that hopes to support both of these examples must store both
> names and numeric IDs.  POSIX.1e draft 17 does not provide an explicit
> mechanism for doing so, hence the need for an extension. 


To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list