Subject: Re: ACL stuff
To: None <current-users@NetBSD.ORG>
From: Szabolcs Szigeti (PinkPanther) <pink@fsz.bme.hu>
List: current-users
Date: 04/19/1995 10:18:05
> I've been thinking some about ACL's, but have not come up with any neat,
> or inexpensive/simple way to do them yet.  Does anyone have some ideas
> on how to best implement them?
> 
I'm by no means an expert in this field, but I really liked VMS's ACLs.
(Any nice weapon to shoot me?). They'd be a Big Win in NetBSD. 

How about the following: An ACL is stored in a normal file, which
doesn't have any name, just a special inode with type ACL or something.
Obviously fsck has to be modified.

Now if a file has an ACL, in its inode we give the i-number of the ACL.

In the ACL file, store the uid-gid-permissions data in some hashed or
sorted form, to allow quick lookup, and get the access checking functions
modified accordingly. Maybe some caching should be done on ACLs?

The vfs interface should be extended with something like open_acl,
add_acl, remove_acl. These functions may return a file handle 
to an acl editor to change the permissions. Or should the whole
acl editing be done in the fs code? (like ch_acl(file, uid, gid, perm))

I think this can be implemented easily, without much change to the
current code.

Or how about some acl_fs, mountable with some vfs magic on any 
currently supported fs?

More ideas?

szabolcs

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|You are not expected to understand this |        Szabolcs  Szigeti         |
| -- Ken Thompson in swtch() --          |         pink@fsz.bme.hu          |
|                                        |  http://www.fsz.bme.hu/~pink/    |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
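
The design sketched in the message above (an inode that points at a separate ACL, entries kept sorted for quick lookup, and an access check that consults it) can be shown in a short C example. It is added here and is not part of the original message or of NetBSD. All names are hypothetical, a pointer stands in for the ACL i-number, and the policy (user entry over group entry over mode bits, one gid per caller, no superuser bypass) is an assumption.

```c
/* Added illustration; every name is hypothetical, none is NetBSD kernel code. */
#include <stdint.h>
#include <stdlib.h>

enum { ACL_USER, ACL_GROUP };                  /* entry kinds */
enum { P_R = 4, P_W = 2, P_X = 1 };            /* permission bits */

struct acl_entry { uint8_t kind; uint32_t id; uint8_t perm; };
struct acl { size_t n; struct acl_entry *e; }; /* contents of the ACL inode */
struct inode {
    uint32_t uid, gid; uint16_t mode;          /* classic owner/group/other */
    const struct acl *acl;                     /* stands in for the ACL i-number */
};                                             /* acl == NULL: file has no ACL */

static int acl_cmp(const void *a, const void *b)
{
    const struct acl_entry *x = a, *y = b;
    if (x->kind != y->kind) return x->kind < y->kind ? -1 : 1;
    if (x->id != y->id) return x->id < y->id ? -1 : 1;
    return 0;
}

/* Keep entries sorted by (kind, id) so each lookup is a binary search. */
void acl_sort(struct acl *a) { qsort(a->e, a->n, sizeof *a->e, acl_cmp); }

static const struct acl_entry *acl_find(const struct acl *a, uint8_t kind, uint32_t id)
{
    struct acl_entry key = { kind, id, 0 };
    return bsearch(&key, a->e, a->n, sizeof *a->e, acl_cmp);
}

/* Returns 1 if (uid, gid) may do `want` on ip, else 0.
 * Assumed policy: a matching entry is final, so an entry with perm 0 is an
 * explicit deny; with no matching entry the ordinary mode bits decide. */
int access_ok(const struct inode *ip, uint32_t uid, uint32_t gid, uint8_t want)
{
    const struct acl_entry *m = NULL;
    if (ip->acl != NULL) {
        m = acl_find(ip->acl, ACL_USER, uid);
        if (m == NULL)
            m = acl_find(ip->acl, ACL_GROUP, gid);
    }
    if (m != NULL)
        return (m->perm & want) == want;
    unsigned shift = uid == ip->uid ? 6 : gid == ip->gid ? 3 : 0;
    return ((ip->mode >> shift) & want) == want;
}
```

Because a matching entry is final, the order in which entries are consulted is itself part of the security policy: a user entry with no bits set denies access even when the caller's group entry would grant it.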