Subject: Re: Access Control Lists
To: Pavel Cahyna <>
From: Bill Studenmund <>
List: tech-kern
Date: 05/03/2006 08:49:10
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 03, 2006 at 03:30:47PM +0200, Pavel Cahyna wrote:
> On Tue, May 02, 2006 at 03:14:31PM +0200, Elad Efrat wrote:
> > Brett Lymn wrote:
> >=20
> > > Do you mean POSIX ACL's here?
> >=20
> > I hope not. :)
> The best thign would be to have the ACL models pluggable, so if somebody
> wants POSIX ACLs he can compile in/load the appropriate module. I would
> prefer POSIX ACLs, but I know that people seem to prefer the Windows NT
> ones.

Well, POSIX ACLs aren't really used much. All of the new work I'm familiar=
with is moving with NT ACLs, including NFSv4.

> > > ok but how to you find these chunks of data on the media if there are
> > > no pointers to them?  How do you associate files in a file system with
> > > a blob entry?  How are the tools that need to manipulate the ACL
> > > entries going to find the ACL data on the media?
> >=20
> > That's exactly why I removed ACLs from the projects page. The real work
> > will be to do the underlying implementation, which has nothing to do
> > with ACLs but more with file meta-data.
> >=20
> > A project that fits in the SoC time-frame and would be the first logical
> > move in this direction is Adding subfiles to FFS:
> >=20
> >
> What have subfiles to do with ACLs?

Where do you think we put them? :-)

As Elad noted, we need a STRONG way to associate the ACL with the rest of=
the file, and subfiles-for-storage are a good option.

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)