Subject: Re: ACL's revisited
To: Robert Elz <kre@munnari.OZ.AU>
From: Wojciech Puchar <wojtek@wojtek.3miasto.net>
List: tech-kern
Date: 08/26/2001 14:07:31
>
> | is it extra file per normal file?
>
> It was an extra file per ACL (or other data needing such a thing).
> That is, if you have one ACL (generic permission set) that's the same
> for all your files, there'd be exactly one extra file. If you want to
> set up a different permission set for every different file, then there
> would be one extra file per file.
i understand. for same acl definition one file could be shared (both in
disk and in memory)?
so maybe only extra machine word be sufficient per inode. containing 0 if
no acl is used, and "acl" inode number if it is (which can be same for
many file inodes). acl inode can have the same data like normal file or
dir, but pointing to acl definition data instead of regular file data.
this should make almost no slowdown if there is no acl used even with acl
compiled in, while config option could be made to not compile acl support
at all.