ACLs: Ideas for projects...
Andreas Gruenbacher
a.gruenbacher at infosys.tuwien.ac.at
Wed Oct 20 14:31:55 GMT 1999
Hi all,
the ACL implementation at <http://major.rithus.co.at/acl/> is doing fine, it
seems. Now I want to suggest a few ideas for projects people might want to
undertake.
Some might result in _a lot_ of honor and respect, others might yield a nice
research paper, maybe more :)
Here are some ideas...
Do you have other ideas concerning ACLs?
Performance comparison of ACL systems
-------------------------------------
There is a number of operating systems which implement ACLs including Solaris,
Irix, AIX, Digital Unix, HP/UX, and now, Linux. The following questions seem
interesting:
* What space/time overhead is introduced by using ACLs, as compared to running
the same filesystem without ACLs?
* How do different OSes compare in terms of this overhead?
* (For Linux) how do the different ACL implementations compare? Are the
implementations good enough? What could be improved and how?
POSIX ACL library functions
---------------------------
Raymond S Brand <rsbx at rsbx.net> has a complete implementation of the POSIX Draft
Standard 17 ACL library functions. These would need to be integrated with the
Linux ACL project, tested, etc. Somebody volunteer, please :)
ACLs for other filesystems
--------------------------
Linux supports many different filesystems. Some of them have native ACL support.
Support for these filesystems' ACLs should be added. Most important to me seems
NFS ACL support.
FS-independent ACLs (like UMSDOS)
---------------------------------
Even for filesystems that lack native ACL support, an ACL layer could be
introduced (like UMSDOS) that adds ACL support. Maybe this should be integrated
with UMSDOS?
Linux ACL ports to other platforms
----------------------------------
Currently, we only have ACL support in i386. People are working on PowerPC,
Sparc, and Alpha ports, but progress seems to be moderate. Would you like to
support your favorite platform? If so, I can give you a couple of hints. It
shouldn't be _that_ hard :)
Utilities tar, cpio, dump
-------------------------
The standard backup utilities on Linux currently are not aware of ACLs. Backing
up is possible by extracting ACL data into files. Restoring is cumbersome,
however, especially for selective restores. Maybe somebody wants to take the GNU
tar / cpio / ... utilities and extend them :)
Per process ACLs
----------------
It would be interesting to have per process ACLs, much like the umask is used
now. This can be done within the POSIX Draft Standard 17's limits. I guess this
could be made a nice project, with comparisons to other security related
projects for Linux.
Best,
Andreas
------------------------------------------------------------------------
Andreas Gruenbacher, Vienna University of Technology
a.gruenbacher at infosys.tuwien.ac.at
Contact information: http://www.infosys.tuwien.ac.at/~agruenba
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list