acl question

Seva Tonkonoh seva_t at dslextreme.com
Sat Oct 23 00:56:55 PDT 2004


I turned to ACL mostly because I thought it might be more "thread-friendly"
than the access() syscall. Yes, I would like to use threads for performance
reasons, and just because it seems like a cleaner approach.
Ideally, I'd love to have Windows-style "thread impersonation".

From what you said, it seems my only option would be to use a multi-process
design.

Thanks a lot for your suggestions,
Seva Tonkonoh


-----Original Message-----
From: Robert Watson [mailto:rwatson at freebsd.org]
Sent: Friday, October 22, 2004 5:41 AM
To: Seva Tonkonoh
Cc: freebsd-fs at freebsd.org
Subject: Re: acl question



On Thu, 21 Oct 2004, Seva Tonkonoh wrote:

> I am interested in the following problem:
>
> My process is running as root.  I want to check if some user is allowed
> to access a file.  Can I use ACL API to achieve that, or is there any
> other way?
>
> The process is multithreaded, so I am not sure if I can use setuid().

Currently the only reliable way to check an ACL in place on a file against
a credential is to adopt that credential for the duration of the system
call.  As you point out, this presents a problem for traditionally (POSIX)
threaded apps, as they share a single process credential (although there
can be slightly weak consistency: a thread maintains its credential from
the start of the system call for the duration of the system call,
regardless of changes by other threads).  However, as the man page for
access(2) and eaccess(2) point out, you have to be very careful about
having user applications performing access control checks rather than
adopting the right credential, as otherwise there's a risk of nasty races.

It's also worth noting, btw, that in order to evaluate an ACL, you need
not just the uid, but also a complete set of groups for the user, so
setuid() alone is not enough to set up for an access control check.  Is
there a way you can avoid this requirement in your application, or does
the need to use threads (for performance or the like) prevent taking a
more process-centric model?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Principal Research Scientist, McAfee Research
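The process-centric model Robert describes, written out as an added example (not code from this thread): a root parent forks a short-lived child, the child adopts the user's uid together with a complete group list via setgroups()/setgid()/setuid(), and the kernel itself answers access(2) under that credential, so the application never interprets mode bits or the ACL. It assumes the caller runs as root and already has the user's group list (on a real system from getgrouplist(3)); the uid/gid 65534 in main() is a constructed sample.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

enum { ACCESS_ALLOWED = 0, ACCESS_DENIED = 1, CRED_NOT_ADOPTED = 2 };

/* Check whether uid/gid/groups may access path with mode, by adopting that
 * full credential in a child process and calling access(2) there. */
int check_access_as(uid_t uid, gid_t gid, const gid_t *groups, int ngroups,
                    const char *path, int mode)
{
    pid_t pid = fork();
    if (pid < 0)
        return CRED_NOT_ADOPTED;
    if (pid == 0) {
        /* Order matters: supplementary groups and gid first, uid last, since
         * after setuid() to an unprivileged uid the other calls fail with
         * EPERM. setuid() alone would leave root's groups in the credential,
         * which is the incompleteness the thread warns about. */
        if (setgroups(ngroups, groups) != 0 || setgid(gid) != 0 ||
            setuid(uid) != 0)
            _exit(CRED_NOT_ADOPTED);
        /* Confirm the credential really changed before trusting the answer. */
        if (getuid() != uid || geteuid() != uid || getgid() != gid)
            _exit(CRED_NOT_ADOPTED);
        /* The kernel evaluates mode bits and any ACL against this credential.
         * Note the access(2) caveat: if the parent then opens the file as
         * root, the check is still racy; the child should perform the real
         * operation itself (or open and hand back the descriptor). */
        _exit(access(path, mode) == 0 ? ACCESS_ALLOWED : ACCESS_DENIED);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return CRED_NOT_ADOPTED;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample: may uid/gid 65534 ("nobody" on many systems) write /? */
    gid_t groups[] = { 65534 };
    int r = check_access_as(65534, 65534, groups, 1, "/", W_OK);
    printf("nobody write /: %s\n",
           r == ACCESS_ALLOWED ? "allowed" :
           r == ACCESS_DENIED ? "denied" : "could not adopt credential (run as root)");
    return 0;
}
```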