Current approaches to ACL handling

J. Bruce Fields bfields at
Wed Oct 3 14:29:02 MDT 2012

On Wed, Oct 03, 2012 at 02:48:00PM -0500, Christopher R. Hertel wrote:
> On 10/03/2012 08:48 AM, J. Bruce Fields wrote:
> >On Mon, Oct 01, 2012 at 02:36:20PM -0500, Christopher R. Hertel wrote:
> >>On 10/01/2012 02:27 PM, Scott Lovenberg wrote:
> >>:
> >>>While we're all playing this game, I'll chime in with performance of a
> >>>userland database versus in kernel structures and extra context
> >>>switching. :)
> >>
> >>Hey, you get RichACLs into the kernel and we'll be happy to use 'em.  :)
> >>
> >>Even if EA's in are in the file system, we still need to read them
> >>out and process them in userland.  I think there are a few small
> >>dragons to be dealt with there, particularly across a cluster.
> >
> >As there are for the actual file data and normal attributes.  Yes, there
> >may well be bugs, but they're filesystem bugs....
> I meant that enforcing ACLs that are stored in EAs requires reading
> them into userspace and enforcing them there.  It's not a filesystem
> issue, it's a problem of synchronizing the interpretation of the
> meta-data between multiple processes (possibly across multiple
> machines) and the kernel(s).

I thought Samba depended on the posix acl for enforcement?  Or does it
do both?


More information about the samba-technical mailing list