Subject: Re: Support for ACLs
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Lord Isildur <mrfusion@umbar.vaxpower.org>
List: tech-kern
Date: 03/10/2001 15:08:06
On Sat, 10 Mar 2001, Thor Lancelot Simon wrote:
> To me, there is a simple and elegant solution available here: to define a
> new on-disk filesystem which is efficient for storing and accessing this
> kind of "additional metadata".  Then we could use our existing layered
> filesystem functionality to layer this new physical filesystem over our
> existing physical filesystem in any number of useful ways.

I agree. This stuff is metadata and does not belong in the filesystem itself,
but in some other database. The database might just be stashed as a
regular file inside that filesystem, which seems to be a smart place to
put it.
> 
> There is an obvious downside here: networked filesystems.  If you can't
> extend the basic NFS protocol, then you have a rather unpleasant choice
> of whether to do the layering on client or server.  If you do it on the
> server, things like ACLs are enforced but can't be manipulated (and
> data such as "resource forks" probably can't be accessed at all).  If you
> do it on the client, at least for purposes of access control you are
> forced to trust that the client will do the same data layering that you
> do.

This is a big can of worms that has been dealt with before though; Sun has
ACL-aware NFS, there is RFS and DFS and AFS all of which support ACLs,
etc. etc.

> However, using the existing filesystem layering mechanism at least lets
> you make this choice as appropriate for each specific application of this
> "metadata layering" you might choose to implement and use.  In the "resource
> fork" case, you'd NFS-export both filesystems from the server and have the
> client layer them, for example.

This seems pretty messy...
The server really is all that needs to enforce the ACLs. A utility,
similar to the AFS fs and pts and bos commands, will be needed anyhow,
and a networked version of this can be easily cooked up, to talk to an acld
or something, that you run when you run the nfsd, and that takes care of
modifying ACLs. Having them enforced is only done by the server. You have to
trust the client machines then, but, well, you gotta trust somebody!

Isildur