Re: Linux ACLs

[Mark . Burgess]

On 26 Oct, Sven Mueller wrote:
> Philippe [u] wrote on 26/10/2004 20:39:
>>>Are you looking at the POSIX 1003.1e ACLs in the ext2/3 filesystem or SE
>>>Linux stuff?
>> 
>> 
>> I thought the Linux ACL followed the Posix recommendations. This was 
>> discussed a couple of weeks ago with Mark. I think Mark has considered 
>> looking the Linux ACL API seriously.
> 
> There are two types of ACLs in Linux:
> 1) Filesystem ACLs, which should follow POSIX ACL recommendations
>     pretty closely.
> 2) Process ACLs (what resources process X of user Y is allowed to use)
>     which are a non-POSIX thing only available in SE Linux kernels
> 
> I think Mark wanted to look at (1) but actually looked at (2). ;-)
> Not sure though, as I didn't write anything but scripts for ACLs (and 
> those only for (1)).
> 
> cu,
> sven



What makes you think I looked at the wrong thing?
I was not looking at process ACLs or capabilites. The file ACL
stuff does not seem to make sense of itself. The best refs I
found are:

http://www.suse.de/~agruen/acl/linux-acls/online/
http://acl.bestbits.at/

This disticnguishes NFS acls and posix acls but not clearly.

What I see is that these refer to <sys/acl.h> and a set of strange
API functions, but these files do not exist. Instead I find posixacl.h
and xattr.h which seem unrelated.


M