POSIX ACL on the wire format.

Mike Gigante mg at sgi.com
Thu Aug 19 00:43:10 GMT 2004 

Jeremy, I fwd'd this to our local ACL expert, Nathan Scott - who
is also the Linux XFS maintainer.

Here is what he had to say:


-----Original Message-----
From: Nathan Scott 
Sent: Thursday, 19 August 2004 11:09 AM
Subject: Re: FW: POSIX ACL on the wire format.


Looks like that would work fine for XFS and the Linux interfaces
in general.

> ...
> Thoughts anyone (especially Steve :-) ? How easy
> would this be to map the Linux kernel get/set ACL 
> calls into ?
> 
> Jeremy.

-- 
Nathan

-----Original Message-----
From: samba-technical-bounces+mg=sgi.com at lists.samba.org
[mailto:samba-technical-bounces+mg=sgi.com at lists.samba.org]On Behalf Of
Jeremy Allison
Sent: Thursday, 19 August 2004 8:30 AM
To: linux-cifs-client at lists.samba.org
Cc: jra at samba.org; samba-technical at samba.org
Subject: POSIX ACL on the wire format.


Ok, here are my first thoughts on an on the wire POSIX ACL
format. All entries are in little-endian format.

[2 bytes]              -     Number of ACE entries to follow.
[2 bytes]              -     Number of default ACE entries to follow.
-------------------------------------
^
|
ACE entries
|
v
-------------------------------------
^
|
Default ACE entries
|
v
-------------------------------------

Where an ACE entry will look like :

[1 byte]           - Entry type.

Entry types are :

ACL_USER_OBJ            0x01
ACL_USER                0x02
ACL_GROUP_OBJ           0x04
ACL_GROUP               0x08
ACL_MASK                0x10
ACL_OTHER               0x20

[1 byte]          - permissions (perm_t)

perm_t types are :

ACL_READ                0x04
ACL_WRITE               0x02
ACL_EXECUTE             0x01

[8 bytes]         - uid/gid to apply this permission to.

In the same format as the uid/gid fields in the other
UNIX extensions definitions. Use 0xFFFFFFFFFFFFFFFF for
the MASK and OTHER entry types.

This way we only need 1 extra trans2 value :
SMB_SET_UNIX_POSIX_ACL which can be the same as
SMB_GET_UNIX_POSIX_ACL - used on both get and set
trans2 operations. I propose 0x204 for this info
level.

Thoughts anyone (especially Steve :-) ? How easy
would this be to map the Linux kernel get/set ACL 
calls into ?

Jeremy.

More information about the samba-technical mailing list