Subject: Re: ACL's revisited
To: Wojciech Puchar <wojtek@wojtek.3miasto.net>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 08/26/2001 19:39:31
    Date:        Sun, 26 Aug 2001 14:07:31 +0200 (CEST)
    From:        Wojciech Puchar <wojtek@wojtek.3miasto.net>
    Message-ID:  <Pine.NEB.4.33.0108261404480.2244-100000@wojtek.3miasto.net>

  | I understand. For same acl definition one file could be shared (both in
  | disk and in memory)?

That's the idea yes.   The "in memory" is "in the buffer cache" (ie: UBC)
of course, just like directory data, etc - comes and goes as needed.

  | so maybe only extra machine word be sufficient per inode.

Could be that way, but to be more general, an associated type would be
useful, so two extra words.   Big surprise that the on disk inode format
has 2 spare words in it...  (There is a method to allow more than just
one associated file as well, a little crude, but functional).  Because there
are no incompatible changes to the on disk format, the worst that using
an ACL filesys on a non ACL kernel can do (ignoring the fact that ACLs would
not be honoured of course) is lose the ACL from files that are written
(when the in-core inode is updated on disk).  (Here, "ACL" == "associated
file" in the general case).

  | containing 0 if no acl is used, and "acl" inode number if it is
  | (which can be same for many file inodes).

Exactly.

  | acl inode can have the same data like normal file or
  | dir, but pointing to acl definition data instead of regular file data.

Yes, where the ACL file could be anything from a regular text file that
you edit with vi (or whatever) and the kernel parses as needed, to a
highly structured binary file, that can be altered only by root owned
processes, and which the kernel can then rely upon the format of.  I don't
care, ACL's were never a high priority for me, the general file system
extension is much more interesting.

  | this should make almost no slowdown if there is no acl used even with acl
  | compiled in,

That's my guess.  I'd think the slowdown would be smaller than for quotas,
as there's nothing to write, all this is read only in normal operation.
The "does not apply to this file" test should also be cheaper.

  | while config option could be made to not compile acl support at all.

Certainly.  And associated file support as well (that being necessary for
ACLs if they get implemented this way, but useful for other things as well).

kre
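
The scheme discussed in this message, modelled as an added example (not part of the original message and not NetBSD code). The struct layout, the `ASSOC_ACL` type value, the function names and the inode number 42 are all hypothetical, and it assumes a non-ACL kernel writes the two spare words back as zero. It shows the one-compare "does not apply" test, several files sharing one ACL inode, and the ACL being lost when an inode is rewritten by a non-ACL kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical on-disk inode: only the fields this example needs. */
enum { ASSOC_NONE = 0, ASSOC_ACL = 1 };   /* assumed type codes */
struct disk_inode {
    uint32_t mode;        /* classic permission bits */
    uint32_t assoc_type;  /* spare word 1: kind of associated file */
    uint32_t assoc_ino;   /* spare word 2: its inode number, 0 = none */
};

/* Fast path: a file with no ACL is rejected after one compare. */
int has_acl(const struct disk_inode *ip)
{
    return ip->assoc_ino != 0 && ip->assoc_type == ASSOC_ACL;
}

/* ACL inode to consult, or 0 meaning "fall back to the mode bits". */
uint32_t acl_inode_for(const struct disk_inode *ip)
{
    return has_acl(ip) ? ip->assoc_ino : 0;
}

/* Assumed behaviour of a kernel built without associated-file support:
 * its in-core inode has no copy of the spare words, so an update
 * writes them back as zero and the ACL reference is gone. */
void legacy_write_back(struct disk_inode *dp, uint32_t mode)
{
    dp->mode = mode;
    dp->assoc_type = ASSOC_NONE;
    dp->assoc_ino = 0;
}

/* Audit helper: how many inodes in a table point at a given ACL inode. */
size_t acl_refcount(const struct disk_inode *tbl, size_t n, uint32_t acl_ino)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (acl_ino != 0 && acl_inode_for(&tbl[i]) == acl_ino)
            count++;
    return count;
}

int main(void)
{
    /* Constructed sample: two files share ACL inode 42, one has none. */
    struct disk_inode t[3] = { {0640, ASSOC_ACL, 42}, {0600, ASSOC_ACL, 42}, {0644, ASSOC_NONE, 0} };
    printf("before: %zu files use ACL inode 42\n", acl_refcount(t, 3, 42));
    legacy_write_back(&t[0], 0640);   /* file 0 touched by a non-ACL kernel */
    printf("after:  %zu files use ACL inode 42\n", acl_refcount(t, 3, 42));
    return 0;
}
```

Comparing `acl_refcount` results taken before and after a volume has been mounted by a non-ACL kernel identifies files that have silently dropped back to mode-bit-only protection.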