Re: ACL Permission Question

To:	XFS list <linux-xfs@xxxxxxxxxxx>
Subject:	Re: ACL Permission Question
From:	jtrostel@xxxxxxxxxxxxxx
Date:	Sun, 26 Aug 2001 23:20:24 -0400 (EDT)
Cc:	List Account <listac@xxxxxxxxxxxxxxxx>
In-reply-to:	<20010827134318.B125742@xxxxxxxxxxxxxxxxxxxxxxx>
Organization:	Snap Appliances
Reply-to:	jtrostel@xxxxxxxxxxxxxx
Sender:	owner-linux-xfs@xxxxxxxxxxx

Yes, as Tim says we have made a patch which extends ACLs to include 'delete',
'change permissions', and 'take ownership'.  I have gotten all but 'take
ownership' to work fairly well with SAMBA.

You might want to keep in mind that these permissions do fairly unexpected
things to people and programs which expect 'normal' rwx-type behavior.  For
instance, you might have 'rwx' permissions but NOT be able to delete the file. 
You might be the owner and not be able to delete the file (until you change the
'delete' ACL of course). 

for example:

[jt@jtsdell xfs_part]$ touch test.txt
[jt@jtsdell xfs_part]$ ls -l test.txt 
-rw-rw-rw-    1 jt       jt              0 Aug 26 23:15 test.txt
[jt@jtsdell xfs_part]$ chmod o+rwx test.txt 
[jt@jtsdell xfs_part]$ ls -l test.txt 
-rw-rw-rwx    1 jt       jt              0 Aug 26 23:15 test.txt
[jt@jtsdell xfs_part]$ chacl -l test.txt 
test.txt [u::rw----,g::rwxdpo,o::rwx---,m::rw----]
[jt@jtsdell xfs_part]$ rm test.txt
rm: cannot unlink `test.txt': Permission denied

so, the owner needs to change the ACLs to actually allow deletion (even by
'owner')

[jt@jtsdell xfs_part]$ chacl u::rwxdpo,g::rwxdpo,o::rw----,m::rw---- test.txt
[jt@jtsdell xfs_part]$ rm test.txt
[jt@jtsdell xfs_part]$ 

Various other 'unexpected' behaviors can also occur.  For this reason, this
patch is in neither the mainstream XFS or in the mainstream SAMBA CVS trees.

P.S.  Connex has been acquired by Snap.... see the new e-mail address ;->

P.P.S I have the patches implemented up to 2.4.9pre4 so far.

On 27-Aug-2001 Timothy Shimmin wrote:
> Hi Thomas,
> 
> On Sat, Aug 25, 2001 at 02:10:46PM +0200, List Account wrote:
>> Hi,
>> 
>> I wonder wether it is possible with XFS and ACLs to allow a group to 
>> write (copy, ...) a file into a folder (and subfolders thereof), but not 
>> delete files out of the folder(s). Basically, one may just put in the 
>> bucket, but not take out anything.
>> 
> I don't believe so.
> The ACLs only use the standard permissions of rwx.
> However, I believe Connex do have a patch for extended ACLs with
> extra permissions (including deletion):
>     "Change Permission", "Delete", and "Change Ownership".
> John Trostel (jtrostel@xxxxxxxxxxxxxx) informed me of their patch.
> 
> 
> BTW, general questions about ACLs (not XFS specific) are usually 
> best directed at the  ACL mailing list.
>     web site:          http://acl.bestbits.at/
>     mail subscription: http://acl.bestbits.at/mailman/listinfo/acl-devel
> 
> Cheers,
> Tim.

-- 
John M. Trostel
Senior Software Engineer
Quantum / SnapAppliances
jtrostel@xxxxxxxxxxxxxx

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Tera-Byte+ fileservers, (continued) Re: Tera-Byte+ fileservers, Bryan-TheBS-Smith Re: Tera-Byte+ fileservers, Seth Mos Re: Tera-Byte+ fileservers, Bryan-TheBS-Smith Re: Tera-Byte+ fileservers, Federico Sevilla III Re: Tera-Byte+ fileservers, Seth Mos APIC, NMI Watchdog, Federico Sevilla III Re: Tera-Byte+ fileservers, Ragnar Kjørstad Message not available Re: Tera-Byte+ fileservers, pac ACL Permission Question, List Account Re: ACL Permission Question, Timothy Shimmin Re: ACL Permission Question, jtrostel <=

Previous by Date:	Re: ACL Permission Question, Timothy Shimmin
Next by Date:	"getfh failed" again, Martin Apel
Previous by Thread:	Re: ACL Permission Question, Timothy Shimmin
Next by Thread:	corruption of in-memory data, Florin Andrei
Indexes:	[Date] [Thread] [Top] [All Lists]