acl_get_file() -- failure mode when ACLs not available on file system?

Casey Schaufler casey at sgi.com
Tue Feb 13 17:13:48 GMT 2001 

Robert Watson wrote:

> Hmm.  Here's what currently happens on FreeBSD 5.0-CURRENT with ACL
> patches slapped in, and when addressing native UFS file systems:
> 
> 1) If UFS_ACL is not defined in the kernel config file (that is, ACL
>    support is not compiled in for UFS file systems), then the ACL VOP's
>    will always return EOPNOTSUPP.

Good.

> 2) If UFS_ACL is defined in the kernel config file (support is compiled
>    in), but is not enabled for the current file system (i.e., appropriate
>    extended attributes don't exist, or extended attribute support is
>    not available), then acl_get_file() returns an ACL based on the
>    available permissions,

Not good.

>    but acl_set_file() returns EOPNOTSUPP in all
>    cases (even when the ACL could be mapped to a base set of permissions)

Good.

> 3) If UFS_ACL is defined in the kernel config file (support is compield
>    in), and appropriate extended attributes are configured and enabled for
>    the target file system, acl_get_file() and acl_set_file() both work
>    as defined.

Not so good. If the file has not had an ACL assigned, either
explicitly with acl_set_{file,fd}() or implicitly by a
directory default ACL, acl_get_file() ought to return NULL.



> this
> meets your requirement that setfacl fail when ACLs are not understood by
> the file system, but allows getfacl to produce a useful result, and
> consistent with getfacl(1), although it's possibly arguable that the
> implementation of that useful result should be in libposix1e and not in
> kernel.

So how do you decide whether to put the "+" into the ls -l output?

> I prefer EOPNOTSUPP to ENOSYS ...

We only use ENOSYS because the DRAFT told us to. I do not
claim it was correct.

-- 

Casey Schaufler				Manager, Trust Technology, SGI
casey at sgi.com				voice: 650.933.1634
casey_p at pager.sgi.com			Pager: 888.220.0607
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list