NFSv4 ACL support in star
Edward Tomasz Napierała
trasz at FreeBSD.org
Wed Nov 6 19:49:52 UTC 2013
Wiadomość napisana przez Joerg Schilling w dniu 6 lis 2013, o godz. 18:39:
> Trying to add Andreas Grünbacher who implemented the original
> POSIX.1e code for Linux.
[..]
> I like to see an implementation that (if implemented as an enhancement of the
> withdrawn POSIX.1e ACL interfaces) gives similar features as libsec does:
In order to make FreeBSD support NFSv4, I did exactly that: I've added
a number of functions, such as acl_get_entry_type_np(3) (basically, this
is for "allow/deny" part of ACL), and extended existing ones, e.g. to add
new permissions.
> - libsec e.g. calls pathconf(name, _PC_ACL_ENABLED) in order to find
> the ACL type that is used for a file and controls which ACL flavor to
> retrieve.
Use the usual pathconf(3), with _PC_ACL_NFS4.
> - libsec includes code to deal with ephemeral IDs used with CIFS clients.
Hm, isn't this independent from ACL implementation?
> - libsec offers acl_type(aclp) to find the ACl type without a need to
> call acl_totext(), so I could use:
See acl_get_brand_np().
> acl_totext(aclp, 0) for UFS ACLs and the known to work postprocess code.
>
> or
>
> acl_totext(aclp, ACL_COMPACT_FMT | ACL_APPEND_ID | ACL_SID_FMT) for
> NFSv4 ACLS.
The acl_to_text() function works for both POSIX.1e and NFSv4 ACLs; to change
the output format there is acl_to_text_np().
> See e.g.: http://schillix.berlios.de/man/man3sec/acl_totext.3sec.html
> and other man pages at:
>
> http://schillix.berlios.de/man/man3sec/
>
> I am in hope that we could get a final library interface that still stays
> compatible between FreeBSD and Linux as this was the base for being able to
> support more platforms with POSIX.1e draft ACLs.
I think porting what I did would be a good choice - it's fully backwards
compatible, API-wise, and not actually hacky.
--
If you cut off my head, what would I say? Me and my head, or me and my body?
More information about the posix1e
mailing list