ACLs in 2.2 for non-ACL aware file systems

Craig Hughes csh at grailtech.com
Tue Mar 6 20:19:28 GMT 2001 

Chris,

Some UNIX variants support stackable file systems, which allow you to add
interesting features such as encryption or compression without messing with
the underlying file system. I'll check into this and see if ACLs could be
tied in to this feature. Using the VFS layer in Samba might result in a more
portable version though (especially if the metadata ends up being stored in
files). I feel a potential project coming on........

Craig


-----Original Message-----
From: Christopher R. Hertel [mailto:crh at nts.umn.edu]
Sent: Tuesday, March 06, 2001 3:17 PM
To: Craig Hughes
Cc: samba-technical at samba.org
Subject: Re: ACLs in 2.2 for non-ACL aware file systems


This would only work if one could guarantee that no one would access the
files directly.  That is, via FFS or MFS.  Their would need to be a
guarantee that the filesystem could only be accessed via Samba otherwise
the ACLs would not be maintained in sync with the files in the filesystem.

Having said that I can imagine products, such as appliance boxes, that
could make such a guarantee.  So someone could write a VFS layer that
used FFS, MFS, EXT2, or whatever and stored the ACL information in a file
on that underlying filesystem.

Several months ago I suggested something like this, but at a lower layer.
The idea was to write a wrapper filesystem on top of something like EXT2
or BSD FFS, and then mount the wrapper instead of the underlying system.
My hope was that tools that operate on the underlying system (fsck, etc.)
would not have to be completely rewitten in order to operate on the
layered OS.

Chris -)-----

[Charset iso-8859-1 unsupported, filtering to ASCII...]
>
> Does anyone know if there is any work being done on ACL management for
file
> systems such as FFS or RAM Disk file systems (such as MFS) that don't know
> anything other than standard UNIX ACL control? I'd imagine the ACL
meta-data
> would have to be stored in files that would not be 'seen' by any client
> (i.e. Samba wouldn't offer them as part of the directory list).
>
> Many thanks,
>
> Craig Hughes
>
>


--
Christopher R. Hertel -)-----                   University of Minnesota
crh at nts.umn.edu              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your hands...you choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz

More information about the samba-technical mailing list