Subject: Re: Support for ACLs
To: Greywolf <greywolf@starwolf.com>
From: Bill Studenmund <wrstuden@zembu.com>
List: tech-kern
Date: 03/12/2001 13:18:47

On Mon, 12 Mar 2001, Greywolf wrote:

> On Mon, 12 Mar 2001, Bill Studenmund wrote:
> 
> # No, we won't. We already have VOP_ACCESS(), which determines if you have
> # read, write, or exec privileges. To add ACL support, all we need to do is
> # add the extra flags whatever ACL method we use adds.
> 
> Okay, so how do we then handle modification of the ACL?  VOP_ACCESS()
> only handles the access on the file; it does not do manipulation of
> the access controls.

Doh, yes, there is that. :-) While I think one VOP could do it, I'd say
let's look at what other OSs are doing (especially NFS) and do something
not too far off of that.

> # I doubt we will need to implement a new ffs. We may come up with a file
> # system which has a different magic number (though bumping the superblock
> # and inode numbers is more likely), but I suspect it will be 95% to 99%
> # ffs.
> 
> ...which means we will have 95% to 99% data integrity and portability
> between two differing systems.  We need to be able to do this in a
> portable way, if at all possible.  If my system craps out, I may need
> to migrate disks or do a sysinst kind of deal, and ACL may not be
> compiled into the kernel, in which case I'm screwed, barring asking
> someone else to compile an ACL kernel for me (and then figuring out
> how to get the damned thing up in single-user mode &c.).

Hmmm... I think we're getting to the point where we need emergency disks
(see discussions about removing restore from install media for space
savings). So ACL support would need to be in there.

On the disk migrating, well, if you use a non-GENERIC file system (not
enabled by default in GENERIC) or you tweak kernels and turn off file
systems you use on other machines, or you have different-endian machines
and don't have FFS_EI, you already hit the same incompatibilities. :-)
Yes, you're right they are there. But we already have similar problems
where folks need to be careful.

> And it also needs to be portable such that if I decide to DEactivate
> ACLs at some later date, my filesystem won't be hosed, I can reclaim
> the used ACL space and run ffs-plain without having to rebuild my
> fs.

At least with the ideas rattling around in my head, a userland utility
would probably be able to do this. It's like downgrading ffs versions. :-)

Take care,

Bill