On Thu, 2 Nov 2000, Andreas Gruenbacher wrote:
> On Wed, 1 Nov 2000, Robert Watson wrote:
>
> >
> > On Tue, 31 Oct 2000, Peter J. Braam wrote:
> >
> > > Good discussion! A few pieces of information from AFS/Coda land below:
> >
> > Hey there Peter -- hope life is going well for you.
> >
> > > > The same lack of semantics on the "id" part which allows local clients
> > > > to map their own local uid space any way they want, also prevents
> > > > local clients from doing any useful parsing of remote ids. For remote
> > > > ids, utf/8 is the only token available.
> > >
> > > In fact the world local takes on two meanings. In a large local realm
> > > it is not feasible for a client to cache the entire local realm's user
> > > database and perform mappings. It also becomes highly impractical to
> > > give users the same uid across systems. Interestingly, I think that
> > > neither Coda nor AFS at present support uid mapping.
> >
> > This was the conclusion I reached also -- right now, my POSIX.1e ACL
> > implementation has ACL_TYPE_CODA and ACL_TYPE_AFS which mean that the ID
> > namespace for each entry in the ACL is the "local" AFS/Coda realm, similar
> > to handling of chown (and that the AFS/Coda ACL semantics hold).
>
> Is this per ACL or per ACE?
>
> Where's the documentation of all those things, including
> acl_check_file() and such?
Sorry about that -- braino. acl_check() is a Kerberos routine. I meant
acl_valid vs. acl_valid_file_np() and acl_valid_fd_np(). In FreeBSD, the
_np suffix means that it's a non-portable form of a POSIX or other
standard function. If you implement it also, I can always remove the _np
:-). The man page is at:
http://www.FreeBSD.org/cgi/man.cgi?query=acl_valid&apropos=0&sektion=0&manpath=FreeBSD+5.0-current&format=html
The check occurs per-ACL: it's a lot like acl_valid(), only you specify
your desired target file/directory and ACL type:
int
acl_valid_fd_np(int fd, acl_type_t type, acl_t acl)
int
acl_valid_file_np(const char *path_p, acl_type_t type, acl_t acl)
In my implementation, these back onto two similarly named system call
wrappers, __acl_check_file and __acl_check_fd. The wrap layer allows the
POSIX.1e library to sort the ACL if it's a POSIX.1e ACL type (although
this is no longer a requirement in my implementation, and should probably
be removed). This is then backed onto a vnode operation:
#
#% aclcheck vp = = =
#
vop_aclcheck {
IN struct vnode *vp;
IN acl_type_t type;
IN struct acl *aclp;
IN struct ucred *cred;
IN struct proc *p;
};
Which allows the file system itself to implement the validity check with
the full context of the set operation -- target vnode, ACL, and ACL type.
Note that the above vnode operation specification indicates that a lock is
not required to be held for the vnode: you could imagine that some ACL
implementations might require a lock, so I might change that to L L L
later.
Right now the ACL syntax, as I've mentioned, is fixed across all file
systems, enforcing the use if an id_t for the principal. This is
consistent with the behavior of UFS, NFS<v4, and AFS. I also concluded
that it would probably be safe for other file systems, as there's no
guarantee that the same userland ACL utility can be used for all of them
anyway: they have different rights, and different semantics, meaning that
even allowing for acl_check_{fd,file}_np(), the ACL utility has to be
somewhat involved. This might be fixable by moving to a model wherein
acl_from_text and acl_to_text were also per-filesystem and had more
context during conversion (taret file, ACL type), but handled via
additional userland library modules in the style of PAM, but I was
unwilling to address the full ramifications of this, so stuck with the
current mechanism. What it does allow is for the AFS/Coda ACL utility to
avoid using ioctl() to set ACLs, instead using a standard ACL interface.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED] NAI Labs, Safeport Network Services
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to [EMAIL PROTECTED]
