Current approaches to ACL handling

simo idra at samba.org
Mon Oct 1 13:45:46 MDT 2012


On Mon, 2012-10-01 at 14:26 -0500, Christopher R. Hertel wrote:
> On 10/01/2012 02:22 PM, simo wrote:
> > On Mon, 2012-10-01 at 12:19 -0700, ronnie sahlberg wrote:
> >> On Mon, Oct 1, 2012 at 11:57 AM, Christopher R. Hertel <crh at ubiqx.mn.org> wrote:
> >>> On 10/01/2012 01:52 PM, Jeremy Allison wrote:
> >>>>
> >>>> On Mon, Oct 01, 2012 at 02:42:51PM -0400, simo wrote:
> >>>>>
> >>>>> On Mon, 2012-10-01 at 13:28 -0500, Christopher R. Hertel wrote:
> >>>>>>
> >>>>>> What are the current best practices for ACL handling?
> >>>>>>
> >>>>>> To my knowledge, it's using EAs to store the ACLs.  Is there any
> >>>>>> in-depth documentation on this implementation?  Are there any other
> >>>>>> mechanisms in use?
> >>>>>
> >>>>>
> >>>>> We store the Windows ACL in an EA and a matching POSIX ACL translation
> >>>>> on the file, plus a SHA hash of the ACL so we can be sure they are in
> >>>>> sync.
> >>>>>
> >>>>> I am not aware of any other doc beyond the code.
> >>>>
> >>>>
> >>>> Well there are some SambaXP talks on it I did a while ago :-).
> >>>>
> >>>> Sorry.
> >>>
> >>>
> >>> I'll look at the code and your talks.  Those are the kinds of pointers I
> >>> needed.
> >>>
> >>> Is there any reason to even consider the possibility of thinking about
> >>> pondering the idea of toying with the concept of somehow using TDB (CTDB) to
> >>> manage ACLs, or is that not a particularly rational approach?
> >>
> >> I think TDBs would be problematic since with one permanent record for
> >> each file, and say a few billion files, the TDB would become huge.
> >> As in >>TB size huge.
> >>
> >> You would also have the problem of a single point of failure.  If that TDB
> >> file goes bad, you have now lost all ACLs for all your files.
> >
> > Backups would also be problematic, ACLs and actual files would end up
> > being backed up at potentially very different times, allowing for
> > incomplete or mismatching backups of ACLs.
> 
> All good reasons against.
> 
> ...so now I just need to ensure the consistency of EAs across a cluster.  :)

You need to anyway if you want to handle stuff like SELinux labels at
any point in time.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
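
A small model of the scheme described in the thread above (Windows ACL in an EA, a POSIX ACL translation on the file, and a hash to detect when the two drift apart), added here as an illustration and not taken from the thread or from Samba's code. The EA names, the choice of SHA-256, hashing the POSIX ACL text, and the dict standing in for a file are all assumptions.

```python
import hashlib

# Hypothetical EA names; this is not Samba's on-disk format.
EA_NTACL = "user.example.ntacl"
EA_HASH = "user.example.posix_acl_sha256"


def canonical(posix_acl):
    """Order-independent byte form of a POSIX ACL given as a list of entries."""
    return "\n".join(sorted(e.strip() for e in posix_acl)).encode()


def acl_hash(posix_acl):
    return hashlib.sha256(canonical(posix_acl)).hexdigest()


def store_acl(f, nt_acl, posix_acl):
    """Write the Windows ACL, its POSIX translation, and the hash binding them."""
    f["posix_acl"] = list(posix_acl)
    f["ea"][EA_NTACL] = nt_acl
    f["ea"][EA_HASH] = acl_hash(posix_acl)


def load_acl(f):
    """Return (nt_acl, in_sync). A stale or missing EA yields (None, False)."""
    ea = f["ea"]
    if EA_NTACL not in ea or EA_HASH not in ea:
        return None, False
    if ea[EA_HASH] != acl_hash(f["posix_acl"]):
        # The POSIX ACL changed outside the server, so the stored Windows ACL
        # no longer describes what the kernel enforces. Do not trust it.
        return None, False
    return ea[EA_NTACL], True


def demo():
    # Constructed sample: one file, one constructed SDDL string.
    f = {"posix_acl": [], "ea": {}}
    store_acl(f, "O:S-1-5-21-1-2-3-1000D:(A;;FA;;;S-1-5-21-1-2-3-1000)",
              ["user::rwx", "group::r-x", "other::---"])
    before = load_acl(f)
    f["posix_acl"][2] = "other::r-x"  # simulated local change to the POSIX ACL
    after = load_acl(f)
    return before, after
```

When the check fails, the caller has to rebuild a Windows ACL from the POSIX ACL that is actually in force rather than serve the stored one.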


