setfacl Recursive Functionality
tim at kientzle.com
Wed Feb 9 03:06:21 UTC 2011
On Feb 8, 2011, at 9:58 AM, Shawn Webb wrote:
> I've just finished a patch to add recursive functionality to setfacl. Before
> I officially submit it, I'd like a few suggestions on how to improve the
> The part I'm worried about involves the #define directive at top. I'm not
> sure what ramifications using that define might have. I needed it for my
> remove_invalid_inherit() function to work.
You should certainly not need
for any user-space utilities. What exactly is the
problem without that?
Your approach to directory walking here
is a little simplistic. In particular, you're storing
every filename for the entire tree in memory,
which is a problem for large filesystems.
It would be much better to refactor the code so that
the actual ACL update was in a function and then
recurse_directory should call that function for
each filename as it visited it. That will reduce
the memory requirements significantly.
You should also take a look at fts(3). In particular,
you'll want to implement the BSD-standard
-L/-P/-H options, and fts(3) makes that much easier.
(-L always follows symlinks, -P never follows symlinks,
-H follows symlinks on the command line).
More information about the freebsd-current