Matthias, This is really good stuff. Thank you very much. Would you be willing to contact Michael Weissbach and ask him if he can get the paper released?
Mark Post -----Original Message----- From: Matthias Wittpoth [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 12:37 PM To: [EMAIL PROTECTED] Subject: Re: acl's Mark, someday in the near future we will run out of space in our nt data center so we started the project of nt server consolidation. One solution could be a samba server for file services on the existing z900 with SLES7. We decided to implement a prototype to demonstrate the functionality of samba, the capability of the zseries and the integration of samba in our large nt domain. At this point we recognised that acl's are mandatory for a real option. Together with Michael Weisbach from the ibm lab in Boeblingen we started a proof of concept. These are the main steps: - to provide actual ACL support for ext2 and ext3 filesystems within Linux, there was a need to upgrade to a new kernel based on Linux kernel 2.4.17 source code and ea/acl patches designed for the 2.4.18 kernel. These patches are downloadable from http://acl.bestbits.at - To fix a problem within the ea/acl patched originaly designed for 2.4.18 kernel, there was a need to fix two lines of code within fs/ext2/xattr.c (arround line 1340) and fs/ext3/xattr.c (arround line 1365). #if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,0) modify these line to #if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,18) - After all patches successfully applied, the code is fixed, try to compile and install a new kernel. To enable ea and acl support for ext2 and ext3, run menuconfig and enable these features first: File /usr/src/linux/.config ... # CONFIG_MATHEMU is not set ... CONFIG_MD=y CONFIG_BLK_DEV_MD=m CONFIG_MD_LINEAR=m CONFIG_MD_RAID0=m CONFIG_MD_RAID1=m CONFIG_MD_RAID5=m CONFIG_MD_MULTIPATH=m CONFIG_BLK_DEV_LVM=m ... CONFIG_LCS=m CONFIG_CTC=m CONFIG_IUCV=m ... # File systems # CONFIG_FS_XATTR=y CONFIG_FS_XATTR_USER=y CONFIG_FS_POSIX_ACL=y ... CONFIG_EXT3_FS=m ... CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_XATTR_USER=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_XATTR_SHARING=y ... CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_XATTR_USER=y CONFIG_EXT2_FS_POSIX_ACL=y CONFIG_EXT2_FS_XATTR_SHARING=y CONFIG_VFS_POSIX_ACL=y ... # Network File Systems CONFIG_SMB_FS=m - build the kernel with make ... - install new boot record with zipl - install oco modules - reboot - userlevel tools from http://acl.bestbits.at : The new userlevel tools are required to handle the new ACL extension of the kernel, i.e. check the filesystem correctly, set or get ACL information on command line etc. Before compiling the user-level tools, please check that xdelta, automake, autoconf and libtool are installed. http://acl.bestbits.at/current/srpms/e2fsprogs-1.27ea-26.3.src.rpm http://acl.bestbits.at/current/srpms/fileutils-4.1.7acl-65.5.src.rpm http://acl.bestbits.at/current/srpms/acl-2.0.3-0.src.rpm http://acl.bestbits.at/current/srpms/attr-2.0.4-0.src.rpm http://acl.bestbits.at/current/srpms/star-1.4a20-2.src.rpm - after these steps the acl's are up and running ( could be tested with setfacl and getfacl ). We used the original samba 2.2.3a without any zseries dependent changes. Of course the integration in the existing nt domain is a challenge, but this is true for any platform There is an IBM internal whitepaper owned by Michael Weissbach with more details. Maybe this could be published by ibm if there is a need. Matthias Wittpoth RWE Systems Computing GmbH, Germany > -----Ursprüngliche Nachricht----- > Von: Post, Mark K [SMTP:[EMAIL PROTECTED]] > Gesendet am: Mittwoch, 17. April 2002 17:13 > An: 'Linux on 390 Port'; 'Matthias Wittpoth' > Betreff: RE: acl's > > Matthias, > > Is there any chance you could write up a more detailed explanation of > exactly what you did, where you got the patches, what changes were made > (if > any) to Samba, what was done to implement the ACLs themselves, etc.? This > topic is one that is going to get increasingly important as people move > forward with Linux and Linux/390 in businesses. > > Mark Post > > -----Original Message----- > From: Matthias Wittpoth [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 17, 2002 4:29 AM > To: [EMAIL PROTECTED] > Subject: AW: acl's > > > In a proof of concept with the ibm lab in boeblingen we implemented the > acl's with sles7. We have done that because for implementing a samba > server > with nearly same functionallity like nt the acl's are mandatory. > > We compiled a new kernel based on 2.4.17 with the necessary ibm patches > and > the acl patches for 2.4.18 (!) from acl.bestbits.at . Filesystem is ext2 > and > ext3. SAMBA is 2.2.3a. Everything is working as expected. > > Matthias Wittpoth > RWE Systems Computing GmbH, Germany > > > -----Ursprüngliche Nachricht----- > > Von: Wolfe, Gordon W [SMTP:[EMAIL PROTECTED]] > > Gesendet am: Dienstag, 16. April 2002 21:31 > > An: [EMAIL PROTECTED] > > Betreff: acl's > > > > Does anyone know if anyone has done the port of access control lists > > (acl's) > > to Linux/390 yet? Specifically SuSE SLES7? > > > > "You do not need a parachute to skydive. You only need a parachute to > > skydive twice." -Motto of the Darwin Society > > Gordon W. Wolfe, Ph.D. (425) 865-5940 > > VM Technical Services, The Boeing Company
