UFS ACL code committed to 5.0-CURRENT (cvs commit: src/sys/conf files options src/sys/ufs/ufs acl.h ufs_acl.c ufs_vnops.c (fwd))

Robert Watson rwatson at FreeBSD.org
Mon Mar 26 18:06:35 GMT 2001 

Just FYI -- the ACL distribution on www.TrustedBSD.org has now seen its
last revision, as the entire implementation has been committed to the base
FreeBSD tree, where future testing and development will take place.

Additional work on ACLs will include:

o Updating applications to be ACL-aware, especially base-system
  applications.
o Continued portability assessment, cooperation with other platforms
  for consistency and porting, etc.
o Completion of ACL editing library (which is almost complete now thanks
  to Chris Faulhaber).
o Performance testing, optimization.
o Correctness testing, optimization :-).

Incorporating this code into the base tree at this point will ensure
inclusion in 5.0-RELEASE by improving accessibility to developers and
non-developers, providing a far broader testing audience. 

Work continues on the Capabilities and Mandatory Access Control
implementations.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services

---------- Forwarded message ----------
Date: Mon, 26 Mar 2001 09:53:19 -0800 (PST)
From: Robert Watson <rwatson at FreeBSD.org>
To: cvs-committers at FreeBSD.org, cvs-all at FreeBSD.org
Subject: cvs commit: src/sys/conf files options src/sys/ufs/ufs acl.h         ufs_acl.c ufs_vnops.c

rwatson     2001/03/26 09:53:19 PST

  Modified files:
    sys/conf             files options 
    sys/ufs/ufs          ufs_vnops.c 
  Added files:
    sys/ufs/ufs          acl.h ufs_acl.c 
  Log:
  Introduce support for POSIX.1e ACLs on UFS-based file systems.  This
  implementation is still experimental, and while fairly broadly tested,
  is not yet intended for production use.  Support for POSIX.1e ACLs on
  UFS will not be MFC'd to RELENG_4.
  
  This implementation works by providing implementations of VOP_[GS]ETACL()
  for FFS, as well as modifying the appropriate access control and file
  creation routines.  In this implementation, ACLs are backed into extended
  attributes; the base ACL (owner, group, other) permissions remain in the
  inode for performance and compatibility reasons, so only the extended and
  default ACLs are placed in extended attributes.  The logic for ACL
  evaluation is provided by the fs-independent kern/kern_acl.c.
  
  o Introduce UFS_ACL, a compile-time configuration option that enables
    support for ACLs on FFS (and potentially other UFS-based file systems).
  o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which
    respectively get, set, and check the ACLs on the passed vnode.
  o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to
    maintain access control information between inode permissions and
    extended attribute data.
  o Modify ufs_access() to load a file access ACL and invoke
    vaccess_acl_posix1e() if ACLs are available on the file system
  o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly
    created directories and files, inheriting from the parent directory's
    default ACL.
  o Enable these new vnode operations and conditionally compiled code
    paths if UFS_ACL is defined.
  
  A few notes:
  
  o This implementation is fairly widely tested, but still should be
    considered experimental.
  o Currently, ACLs are not exported via NFS, instead, the summarizing
    file mode/etc from the inode is.  This results in conservative
    protection behavior, similar to the behavior of ACL-nonaware programs
    acting locally.
  o It is possible that underlying binary data formats associated with
    this implementation may change.  Consumers of the implementation
    should expect to find their local configuration obsoleted in the
    next few months, resulting in possible loss of ACL data during an
    upgrade.
  o The extended attributes interface and implementation is still
    undergoing modification to address portable interface concerns, as
    well as performance.
  o Many applications do not yet correctly handle ACLs.  In general,
    due to the POSIX.1e ACL model, behavior of ACL-unaware applications
    will be conservative with respects to file protection; some caution
    is recommended.
  o Instructions for configuring and maintaining ACLs on UFS will be
    committed in the near future; in the mean time it is possible to
    reference the README included in the last UFS ACL distribution
    placed in the TrustedBSD web site:
  
        http://www.TrustedBSD.org/downloads/
  
  Substantial debugging, hardware, travel, or connectivity support for this
  project was provided by: BSDi, Safeport Network Services, and NAI Labs.
  Significant coding contributions were made by Chris Faulhaber.  Additional
  support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin.
  
  Reviewed by:	jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs
  Obtained from:	TrustedBSD Project
  
  Revision  Changes    Path
  1.502     +2 -1      src/sys/conf/files
  1.266     +6 -1      src/sys/conf/options
  1.160     +214 -6    src/sys/ufs/ufs/ufs_vnops.c


To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list