Current approaches to ACL handling
J. Bruce Fields
bfields at fieldses.org
Wed Oct 3 14:29:02 MDT 2012
On Wed, Oct 03, 2012 at 02:48:00PM -0500, Christopher R. Hertel wrote:
> On 10/03/2012 08:48 AM, J. Bruce Fields wrote:
> >On Mon, Oct 01, 2012 at 02:36:20PM -0500, Christopher R. Hertel wrote:
> >>On 10/01/2012 02:27 PM, Scott Lovenberg wrote:
> >>:
> >>>While we're all playing this game, I'll chime in with performance of a
> >>>userland database versus in kernel structures and extra context
> >>>switching. :)
> >>
> >>Hey, you get RichACLs into the kernel and we'll be happy to use 'em. :)
> >>
> >>Even if EA's in are in the file system, we still need to read them
> >>out and process them in userland. I think there are a few small
> >>dragons to be dealt with there, particularly across a cluster.
> >
> >As there are for the actual file data and normal attributes. Yes, there
> >may well be bugs, but they're filesystem bugs....
>
> I meant that enforcing ACLs that are stored in EAs requires reading
> them into userspace and enforcing them there. It's not a filesystem
> issue, it's a problem of synchronizing the interpretation of the
> meta-data between multiple processes (possibly across multiple
> machines) and the kernel(s).
I thought Samba depended on the posix acl for enforcement? Or does it
do both?
--b.
More information about the samba-technical
mailing list