LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Doesn't go far enough for file servers

Doesn't go far enough for file servers

Posted Jun 4, 2012 13:16 UTC (Mon) by nix (subscriber, #2304)
In reply to: Doesn't go far enough for file servers by raven667
Parent article: User and group mount options for ext filesystems

The problem with the system quotemstr describes is that it is path-dependent: if you look at the inherited set of ACLs attached to some directory, you cannot use it to determine what the properties of files underneath are likely to be unless you know the history of those files (which is not recorded anywhere). Worse yet, files *outside* that directory may have been affected by its ACL, as long as they were at one point within that directory -- or, rather, they would have been affected by whatever ACL it had at that point (it may have been changed, but the moved-out file's ACL would not have changed).

Thus, you cannot look at the limited set of ACLs attached directly to files and their inherited permission set to figure out what their actual ACLs are: you have to look at the whole, huge, set for every single file, because the inheritance is a thin layer atop that implementation, and the underlying layer shows through (though that it shows through on non-GUI file moves is particularly shoddy).

(Log in to post comments)

Doesn't go far enough for file servers

Posted Jun 4, 2012 13:33 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

You just need to know parent directory's ACL and file's ACL. No need for anything more significant.

Windows ACLs are a PITA - they're so complicated that one needs a PhD in aclology too understand them completely. But they actually allow several very useful use-cases that depend on ACL inheritance.

In general, I like Unix permission bits for static structures (like /usr or /var filesystems) but I absolutely hate them for shared dynamic directories.

Doesn't go far enough for file servers

Posted Jun 4, 2012 18:12 UTC (Mon) by nix (subscriber, #2304) [Link]

You just need to know parent directory's ACL and file's ACL. No need for anything more significant.
As I pointed out, for Windows ACLs, that is not true: you need to know the mv history of the file and (since files might have been moved out of and then back into directories with inherited ACLs) the ACL history of all directories it has moved into over its lifetime as well. None of this information is recorded anywhere.

Doesn't go far enough for file servers

Posted Jun 4, 2012 18:42 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

Why? Moving a file simply changes its ACLs. No need to track them for the whole lifetime of the file.

Doesn't go far enough for file servers

Posted Jun 6, 2012 17:33 UTC (Wed) by nix (subscriber, #2304) [Link]

As was pointed out a few posts up, moving a file does *not* change its ACLs unless you do the move *from the GUI*. A command-line move leaves the ACLs unchanged, and does not respect inherited ACLs (i.e. inherited ACLs are not really part of the permission system but are a hack implemented at the GUI level). Thus the problems I mentioned.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds