[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux ACLs

From: Mark . Burgess
Subject: Re: Linux ACLs
Date: Wed, 27 Oct 2004 08:12:33 +0200 (MEST)

Thank you to everyone who has dug up info. This seems to confirm my
findings. It will be more work to implement these acls, but hopefully
we should be able to do it. Perhaps I can persuade a student to do it as a 


On 26 Oct, John Valdes wrote:
> On Tue, Oct 26, 2004 at 09:22:51PM +0200, address@hidden wrote:
>> On 26 Oct, Philippe wrote:
>> > 
>> >> Are you looking at the POSIX 1003.1e ACLs in the ext2/3 filesystem or SE
>> >> Linux stuff?
>> > 
>> > I thought the Linux ACL followed the Posix recommendations. This was 
>> > discussed a couple of weeks ago with Mark. I think Mark has considered 
>> > looking the Linux ACL API seriously.
>> I searched high and low for the POSIX API and it still does not make
>> sense to me. There is no real documentation and the little I have
>> found does not agree with what I find on my own systems, so I
>> don't know what to do yet.
> I've only taken a cursory look at Linux ACLs (and ACLs in general), so
> the following may not be totally correct.  Solaris's & Linux's ACL
> implementations have similar command interfaces (eg, "getfacl" and
> "setfacl" commands w/ similar syntax & output), and for the most part
> follow the POSIX 1003.2c ACL recommendations, but the ACL APIs used
> are quite different.  Linux's seems to be modeled after that last (and
> withdrawn) draft (17) of the POSIX 1003.1e recommendation.  From what
> I've read, Solaris's API is based on an earlier and apparently much
> simpler API.  
> The primary repository of info on Linux's implementation of ACLs is
> <>.  There are copies of all the relevant
> manpages there (commands, system calls, and library functions), plus a
> link to a paper presented at USENIX 2003 which talks about the state
> of POSIX ACLs on Linux (<>)
> as of the time of writing.  There are also links to the POSIX draft
> documents, FWTW.  The ACL patches and information presented on this
> site are what were implemented in the 2.6 linux kernel (and in
> SELinux), so regardless of what becomes of the POSIX ACL "standard",
> it seems that this will be/is the Linux ACL standard (at least for
> now; we are talking about Linux afterall ;) ).  Note that besides the
> 2.6 kernel, I believe RedHat >= 8.0 as well as newer versions of SuSE
> at a minimum included ACL support in their shipping 2.4.x kernels.
> BTW, the FreeBSD ACL API appears to be similar to the Linux API, and
> I'm guessing that the Mac OS X API if/when that comes will follow the
> FreeBSD one, so it looks like there'll be no avoiding the more
> complicated API if one wants cross-platform ACL support in
> cfengine... ;)
> John
> -------------------------------------------------------------------------
> John Valdes                        Department of Astronomy & Astrophysics
> address@hidden                                 University of Chicago
> _______________________________________________
> Help-cfengine mailing list
> address@hidden

Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :

reply via email to

[Prev in Thread] Current Thread [Next in Thread]