help-cfengine

Re: Linux ACLs


From: John Valdes
Subject: Re: Linux ACLs
Date: Tue, 26 Oct 2004 22:34:59 -0500
User-agent: Mutt/1.2.5i

On Tue, Oct 26, 2004 at 09:22:51PM +0200, address@hidden wrote:
> 
> On 26 Oct, Philippe wrote:
> > 
> >> Are you looking at the POSIX 1003.1e ACLs in the ext2/3 filesystem or SE
> >> Linux stuff?
> > 
> > I thought the Linux ACL followed the Posix recommendations. This was 
> > discussed a couple of weeks ago with Mark. I think Mark has considered 
> > looking at the Linux ACL API seriously.
> 
> I searched high and low for the POSIX API and it still does not make
> sense to me. There is no real documentation and the little I have
> found does not agree with what I find on my own systems, so I
> don't know what to do yet.

I've only taken a cursory look at Linux ACLs (and ACLs in general), so
the following may not be totally correct.  Solaris's & Linux's ACL
implementations have similar command interfaces (e.g., "getfacl" and
"setfacl" commands w/ similar syntax & output), and for the most part
follow the POSIX 1003.2c ACL recommendations, but the ACL APIs used
are quite different.  Linux's seems to be modeled after the last (and
withdrawn) draft (17) of the POSIX 1003.1e recommendation.  From what
I've read, Solaris's API is based on an earlier and apparently much
simpler API.  

The primary repository of info on Linux's implementation of ACLs is
<http://acl.bestbits.at/>.  There are copies of all the relevant
manpages there (commands, system calls, and library functions), plus a
link to a paper presented at USENIX 2003 which talks about the state
of POSIX ACLs on Linux (<http://www.suse.de/~agruen/acl/linux-acls/>)
as of the time of writing.  There are also links to the POSIX draft
documents, FWTW.  The ACL patches and information presented on this
site are what were implemented in the 2.6 Linux kernel (and in
SELinux), so regardless of what becomes of the POSIX ACL "standard",
it seems that this will be/is the Linux ACL standard (at least for
now; we are talking about Linux after all ;) ).  Note that besides the
2.6 kernel, I believe RedHat >= 8.0 as well as newer versions of SuSE
at a minimum included ACL support in their shipping 2.4.x kernels.

BTW, the FreeBSD ACL API appears to be similar to the Linux API, and
I'm guessing that the Mac OS X API if/when that comes will follow the
FreeBSD one, so it looks like there'll be no avoiding the more
complicated API if one wants cross-platform ACL support in
cfengine... ;)

John

-------------------------------------------------------------------------
John Valdes                        Department of Astronomy & Astrophysics
address@hidden                                 University of Chicago
