ACLs: what to return for fs that doesn't support them?

Robert Watson robert at cyrus.watson.org
Fri Oct 29 03:41:29 GMT 1999 

On Fri, 29 Oct 1999, Andreas Gruenbacher wrote:

> Casey Schaufler wrote:
> > 
> > Robert Watson wrote:
> > >
> > > What should acl_{get,set}_{file,fd} return when
> > > the base FS doesn't support ACLs?
> > 
> > At one point the Draft specified that ENOSYS be returned.
> > That was dropped later, but I don't remember why.
> 
> I always assumed that the mode field should be modified on filesystems
> without ACL support if possible. If this is not possible (i.e., with an
> extended ACL), ENOSYS seems a good choice. What do you do on Irix? 

Unfortunately, both of these sound counter-intuitive to me :-).

1) ENOSYS seems to imply that the syscall isn't implemented--at least,
traditionally in BSD ENOSYS is returned if you don't have a module loaded
that normally supports the syscall, or an option disabled or the like.
Not sure how it's used in other OS's, but I feel like that result is
misleading--the kernel does support it, it's just the underlying FS that
doesn't.  For example, like trying to create a file in procfs, etc--it's a
feature of the FS, not the syscall.  The text for ENOSYS in BSD-land from
perror is "Operation not implemented", which I suppose could reflect the
FS not having implemented the vnop, but usually this is a syscall thing in
BSD.

2) The convert-request-into-nearest-mode also seems counter-intuitive, as
it can give a false sense of the protections on a file--i.e., setting one
ACL can result in different protections, but no error message.  In
BSD-land, we have "EOPNOTSUPP" which is what is returned by the VFS layer
when no file system in the vnode stack can handle the vnode operation
requested.  It seems to be in the "ipc/network software -- argument
errors" category of errno.h, but it's use seems more general.  Another
possibility is to reject requests to modify an ACL to something the mode
could not support -- i.e., EINVAL if it is extended, otherwise succeed.

For reading, the mode can almost always be turned into an ACL, although in
a file system like AFS or Coda there's already well-defined ACL semantics,
so it might make sense to return EOPNOTSUPP to the POSIX.1e ACL interface
if it's improper, and have the user know to use fs or cfs as needed.

Is EOPNOTSUPP listed in POSIX or is that BSD-only?

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list