ACLs on Digital Unix

Michael Davidson michael_davidson at pacbell.net
Thu Jul 26 06:41:18 GMT 2001 

Axel Thimm wrote:
>  
> is anyone working on ACLs for OSF1/TruUnix systems, perhaps someone from 
> Compaq?
>  
> Back in february I gave it a try but stumbled already at the first used
> function (acl_get_entry, see below). We now checked with most recent SAMBA_2_2
> CVS and osf1-5.1 - nothing really changed.
> 
> The funny thing is that OSF1 claims to have POSIX ACLs and even quotes a later
> (?) draft of the POSIX (dumped) standard. Does anyone know, if this task is
> feasible for non ACL-professionals (if there isn't already a project on ACLs
> on OSF1)?
> 

I just took a quick look at the documentation on Compaq's web
site and it looks as though it should be fairly simple to add
ACL support for Tru64.

According to the Compaq documentation, their ACL interface is
based on Draft 13 of the POSIX standard - the interface used by
Samba is based on Draft 16 so there are a few small differences
but nothing that should be too hard to fix.

As you already noticed, acl_get_entry() is different - draft 16
has an acl_get_entry() function which takes 3 parameters and
combines the functionality of draft 13's acl_first_entry() and
acl_get_entry().

So, sys_acl_get_entry() would have to look something like:

int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
{
	SMB_ACL_ENTRY_T	ent;
	int		ret;

        if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
                errno = EINVAL;
                return -1;
        }

        if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(acl_d) != 0) {
         	return -1;       
        }

	errno = 0;
	if ((ent = acl_get_entry(acl_d)) != NULL) {
		*entry_p = ent;
		ret = 1;
	} else {
		ret = errno ? -1 : 0;
	}

	return ret;
}

draft 16 has acl_clear_perms() while draft 13 had acl_clear_perm()
- different spelling but the same functionality

... and you will need to implement your own version of the
non-standard but useful acl_get_perm() to check whether a
particular permission is set in a permset - should be quite
simple if you look in sys/acl.h and figure out how individual
permissions as stored in a permset.

More information about the samba-technical mailing list