stat flag to indicate presence of an extended ACL

Robert Watson rwatson at freebsd.org
Wed Apr 14 04:27:44 GMT 2004 

On Tue, 13 Apr 2004, Tim Kientzle wrote:

> Robert Watson wrote:
> > On Tue, 13 Apr 2004, Tim Kientzle wrote:
> > 
> >>Ideally, I'd like some piece of data in struct stat that I can use to
> >>tell whether or not there is extended ACL data for this file.  (Maybe a
> >>read-only bit in st_flags that indicates "extended ACL exists"?) 
> > 
> > When we first explored doing this (so as to implement '+' output in
> > ls(1)), I discovered ... no free bits in the st_mode field.
> 
> st_mode?  Hmmm... I was thinking of st_flags, actually, which has lots
> of free space.  At least it does in the FreeBSD 5.1 version of
> sys/stat.h that I'm looking at right now. 

Yeah, understood that is what you were interested in -- st_mode was of
interest when I was last looking at it, because strmode() accepts only the
mode_t, and strmode() is where we'd want to stick in the '+'.  Putting it
in st_flags is the logical thing to do instead, but in some senses it's a
shame because of strmode()...

> I was thinking of changing SF_SETTABLE to 0x0fff0000 and then using the
> upper 4 flag bits to indicate special file properties (e.g., "has
> extended access ACL", "has default ACL", "has extended attributes",
> ...). 

Yeah.

> > ... you'd need semantics that support
> > ls(1)'s need to display a flag for an extended access ACL,
> 
> I always assumed ls showed a '+' for a default ACL as well, though I've
> never tested.  I guess ls.1 doesn't really say. 

I believe POSIX.2c indicates ls(1) should display '+' only for extended
access ACLs, but we've recently demonstrated that my memory of the specs
is hazy as a result of several years of non-reading.

> > for tar to detect the presence of access or default ACLs.  Which suggests
> > possibly two flags, one for default, and one for access.
> 
> That would be nice.  To be honest, I would be happy with just a flag for
> extended access ACLs, since that's the one that hurts (there are
> generally fewer directories than files, so default ACLs are less pain). 
> Just the one bit to flag the presence of an extended access ACL would
> help a lot with any program that needed to examine ACL data for lots of
> files (find, tar, ls, cp -r, cpio, ...). 
> 
> Of course, if you're offering both, I won't turn you down.  ;-) 

The complicating factor in implementing this is that I'll need to remember
how to hook the EA write vs the inode write into soft updates, which I
something I discussed with Kirk a while back, but don't remember the
details. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research


To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list