Re: File System ACLs: Where to go from here in FreeBSD?

From: Allen (bsdlists_at_rfnj.org)
Date: 09/20/05

  • Next message: Charles Swiger: "Re: File System ACLs: Where to go from here in FreeBSD?"
    Date: Tue, 20 Sep 2005 17:46:12 -0400
    To: freebsd-security@freebsd.org
    
    

    Long message, excuse the butcher job.

    On Sat, September 17, 2005 08:19, Robert Watson wrote:

    > (b) We can consider a migration to NT/NFSv4-style ACLs, which is the route
    > that Darwin has taken. They use the FreeBSD user space ACL library
    > and POSIX.1e interfaces, but use ACLs with more NT-like semantics.
    > In particular, they have notions of taking ownership, slightly finer
    > grained directory controls, etc. This is a lot of work.
    >
    > Option (b) is an interesting new choice as compared to 1999, when NTFS
    > ACLs were in the distinct minority in terms of the syntax and semantics
    > they offered. However, they become much more appealing if we consider
    > that there appears to be a much clearer mapping from NTFS ACLs to NFSv4
    > ACLs than there is from POSIX.1e ACLs to NFSv4 ACLs. And the fact that
    > Mike Smith at Apple has taken the time to make it sit behind our library
    > for the Darwin implementation on HFS+, etc, is also quite interesting.
    > When I implemented the library, it was my hope that it would support that
    > sort of thing, but we never actually tried :-).
    >
    > If we don't start considering a move to Darwin/NTFS ACLs, then we run into
    > a problem when it comes to implementing NFSv4 ACLs: the mapping and
    > behavior is rather poor and unclear.

    From a personal standpoint, going the Darwin/NFSv4/NTFS path is more
    desirable to me simply because most of the networks I work on are
    BSD+NT networks. Since I have no Solaris, Linux, or OSX boxes on
    them and don't use NFS, I'm happy as long as SMB support continues to
    get better, so either way isn't of a great deal of concern to me.

    My question is, given that mapping NFSv4 onto the existing POSIX
    structure is possibly ambiguous, is the reverse also true? With NTFS
    giving finer grained control, and the implication in your writing
    that mapping NFSv4 onto Darwin/NTFS is trivial in comparison, is it
    possible to make the native mode Darwin/NTFS compatible and then map
    the POSIX side onto that?

    My very informal investigation of POSIX.1e leads me to believe that
    implementation on a system with NTFS-style ACLs and features would be
    trivial compared to the reverse; adding POSIX.1e to NT, for example,
    strikes me as fairly easy.

    It's also of passing interest that POSIX.1e never became a "true"
    POSIX standard, is incomplete, and has been abandoned by IEEE; down
    that road lies even more cross-platform interoperability and
    compatibility problems, I would imagine, if parts of the draft are
    open to interpretation.

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

