ACLs' (Was: Ext3 filesystem info? )

kuznet@ms2.inr.ac.ru (bennett@research.oneworld.com)
Fri, 24 Sep 1999 10:11:44 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Bacarella: "Re: Ext3 filesystem info?"
Previous message: kuznet@ms2.inr.ac.ru: "Re: Headerless packets hitting ethernet?"

Does the notion of a generic ACL interface in the VFS layer bother
anyone else?

ACLs are nice and everything, and when you need them, there is no
substitute.

But on all of our machines, the vast majority of files need only the
simple, traditional access control mechanisms. Indeed, ACLs for them
would be a security headache.

I've heard that Sun and HP both have security issues because of the
increased complexity in their file systems.

So my question is:

Do the benefits of a generic ACL interface in the VFS layer (should
any exist) justify the increased complexity in the kernel and the
poential increase complexity of secure operation?

Thanks.

-Erik

p.s.

Before you answer (should anyone decide to):

1 - I recognize that no one suggested ACLs for everything.

2 - I recognize that above I said, "on all of our machines", a
somewhat limited sample size.

3 - I recognize that I have no hard data to support my claims about
Sun and HP ACL security trouble. I've only heard of difficulties.

> "Stephen C. Tweedie" wrote:
> >
> > Hi,
> >
> > On Tue, 21 Sep 1999 12:13:28 +0200, Helge Hafting
> > <helge.hafting@idb.hist.no> said:
> >
> > > Seems to me that some of this can be solved with a good generic
> > > ACL interface in the VFS. Various filesystems may then implement
> > > more or less of the VFS interface depending on what they support.
> > > Just as some filesystems implement links and some don't.
> >
> > ACLs are just far too varied to be combined effectively in a single
> > API. We support distributed filesystems like AFS in which the server's
> > notion of who a user is is completely foreign to the kernel's uid/gid
> > scheme: how do you propose to identify such users when manipulating AFS
> > ACLs?
>
> I was thinking of local filesystems. If some filesystem have ACLs very
> different from what we find useful in a generic VFS interface, then it
> cannot be integrated. The VFS would then have to pass ACL operations to
> the
> fs driver unhandled, or the fs might need its own set of ACL tools
> using ioctl.
>
> Helge Hafting
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/

-Erik

Erik Bennett bennett@corp.oneworld.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Bacarella: "Re: Ext3 filesystem info?"
Previous message: kuznet@ms2.inr.ac.ru: "Re: Headerless packets hitting ethernet?"