> > > Seems to me that some of this can be solved with a good generic
> > > ACL interface in the VFS. Various filesystems may then implement
> > > more or less of the VFS interface depending on what they support.
> > > Just as some filesystems implement links and some don't.
> >
> > ACLs are just far too varied to be combined effectively in a single
> > API. We support distributed filesystems like AFS in which the server's
> > notion of who a user is is completely foreign to the kernel's uid/gid
> > scheme: how do you propose to identify such users when manipulating AFS
> > ACLs?
>
> I know I'm dumb, but what does really vary? The semantics or the rights
> you may grant/revoke in the ACL? If it is "only" the semantic design and
> implementation shouldn't be difficult.
>
If I am understanding correctly the problem is not the permission mode bits.
I think it would be reasonably easy to come up with a common set of those.
The problem is making a common interface for determining which user/entity
those bits need to be set for. For example, how is it gonna know that
00008997-e0f0-21d0-8100-08005a4728f0, AFS ID 35223, and uid=500(haumont) are
all actually user 'haumont'. It gets even worse with groups, for example
haumont/admin, haumont:admin, and wheel should be the same group on my
machine.
Still, even a bad interface (char *, tell the filesystem you figure it out?)
would be better than nothing ...
Jeff
-- Jeff Haumont <haumont@acm.org>
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/