On Mon, 12 Mar 2001, Bill Studenmund wrote:

: > There is at least one other, very important downside, which I think
: > I saw brought up: you need to ensure that all accesses to ACL-protected
: > data go through the ACL mechanism, and that ACLfs remains consistent
: > with the file-system underneath it.

: Check out the "OVERLAY" layered file system. I designed it for just this
: reason.

Note that all this talk about lifting ACL mechanisms solely to a layered
filesystem level (instead of ffs) does leave out a very important point:
There has been, more than once, expressed desire to interoperate with the
4.3BSD-with-ACLs ffs used by Solaris 2.5+, even if only such that we could
write to the filesystem without clobbering all the ACLs.

If ACL manipulation is a function of the VFS calls, it should be possible to
have both a layered *and* ffs-level implementation.  Both have specific,
distinct advantages, and the actual place where ACL read/write is
implemented wouldn't matter to vfs.

Note that the ffs implementation need not necessarily have any ACL options
enabled in the kernel config.  As it stands today, we corrupt Solaris
filesystems with ACLs, so if we corrupt NetBSD-with-ACL ffs filesystems when
support isn't included, it'd be no different.  (That's a little
tongue-in-cheek; we may want the ability to keep ffs ACLs from being
corrupted, even if not actually handled.  8-)

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  Wasabi NetBSD:  Run with it.
-- NetBSD 1.5 now available on CD-ROM  --  http://www.wasabisystems.com/