Current approaches to ACL handling
Christopher R. Hertel
crh at ubiqx.mn.org
Wed Oct 3 13:48:00 MDT 2012
On 10/03/2012 08:48 AM, J. Bruce Fields wrote:
> On Mon, Oct 01, 2012 at 02:36:20PM -0500, Christopher R. Hertel wrote:
>> On 10/01/2012 02:27 PM, Scott Lovenberg wrote:
>>> While we're all playing this game, I'll chime in with performance of a
>>> userland database versus in kernel structures and extra context
>>> switching. :)
>> Hey, you get RichACLs into the kernel and we'll be happy to use 'em. :)
>> Even if EA's in are in the file system, we still need to read them
>> out and process them in userland. I think there are a few small
>> dragons to be dealt with there, particularly across a cluster.
> As there are for the actual file data and normal attributes. Yes, there
> may well be bugs, but they're filesystem bugs....
I meant that enforcing ACLs that are stored in EAs requires reading them
into userspace and enforcing them there. It's not a filesystem issue, it's
a problem of synchronizing the interpretation of the meta-data between
multiple processes (possibly across multiple machines) and the kernel(s).
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical