Current approaches to ACL handling

Christopher R. Hertel crh at
Wed Oct 3 13:48:00 MDT 2012

On 10/03/2012 08:48 AM, J. Bruce Fields wrote:
> On Mon, Oct 01, 2012 at 02:36:20PM -0500, Christopher R. Hertel wrote:
>> On 10/01/2012 02:27 PM, Scott Lovenberg wrote:
>> :
>>> While we're all playing this game, I'll chime in with performance of a
>>> userland database versus in kernel structures and extra context
>>> switching. :)
>> Hey, you get RichACLs into the kernel and we'll be happy to use 'em.  :)
>> Even if EA's in are in the file system, we still need to read them
>> out and process them in userland.  I think there are a few small
>> dragons to be dealt with there, particularly across a cluster.
> As there are for the actual file data and normal attributes.  Yes, there
> may well be bugs, but they're filesystem bugs....

I meant that enforcing ACLs that are stored in EAs requires reading them 
into userspace and enforcing them there.  It's not a filesystem issue, it's 
a problem of synchronizing the interpretation of the meta-data between 
multiple processes (possibly across multiple machines) and the kernel(s).

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list