Subject: Re: ACL's revisited
To: gabriel rosenkoetter <gr@eclipsed.net>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 08/27/2001 16:43:25

On Sat, 25 Aug 2001, gabriel rosenkoetter wrote:

> On Sat, Aug 25, 2001 at 10:57:04PM -0400, Ken Cross wrote:
> > In the current FreeBSD implementation, the ACL's are stored in a separate
> > file, one per filesystem.  I think the inode number is an index into the
> > file for where the ACL is stored (it's a fixed size and you certainly don't
> > want a sequential search).  The inode and the on-disk structure for the
> > files themselves are not changed.  This has pros and cons, but it's
> > straightforward and reasonably portable.
>
> The cons include this being significantly slower for file access
> (though probably not noticeable to the average user, there are
> definitely things, like say large user databases, that would do well
> not to have the overhead of reading an extra file). That said, this
> is precisely what we do with quotas, and it seems to work just fine
> there.

You'd read the ACL in when the inode is read in. If the inode stays in the
kernel's memory, so will the ACL. So a large database won't notice the ACL
- it would open the files when it starts up then keep using them.

Also, the large DB's I'm aware of have everything owned by the db user -
there are no ACLs as the db user is the only one w/ access.

Take care,

Bill