Howdy, I''m curious if there is any plans to add extended acls ala AFS? The reason I ask is that it seems in Linux we don''t seem have moved off of POSIX style acls and I think there is definitely at least from my perspective that having a richer set of acl would be needed. For instance, we would need acls to deal with controlled countries if we are sharing data with them etc. It is a big shame that there is no RFC for extended ACLs. Also, I would like to help out with development, I''m a newbie as far as kernel level hacking goes. If there is a place I can go that I can start off small that would be lovely. sri -- -- Sriram Ramkrishna (sriram.ramkrishna_@@_@.gmail.com (remove _@@_) -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, May 19, 2009 at 09:50:42AM -0700, Sriram Ramkrishna wrote:> Howdy, > > I''m curious if there is any plans to add extended acls ala AFS? The > reason I ask is that it seems in Linux we don''t seem have moved off of > POSIX style acls and I think there is definitely at least from my > perspective that having a richer set of acl would be needed. For > instance, we would need acls to deal with controlled countries if we > are sharing data with them etc. It is a big shame that there is no > RFC for extended ACLs. > > Also, I would like to help out with development, I''m a newbie as far > as kernel level hacking goes. If there is a place I can go that I can > start off small that would be lovely. >Extending ACLs beyond POSIX ACLs is a more generic topic that should probably be discussed elsewhere, perhaps linux-fsdevel. Its not going to do much good to implement yet another extended ACL implementation in BTRFS if no other Linux fs has the ability to use the same feature, so figuring out the details of extending ACLs should be done before doing them in btrfs. Thanks, Josef -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Josef, Thanks, I will take it to linux-fsdevel. sri On Tue, May 19, 2009 at 11:06 AM, Josef Bacik <josef@redhat.com> wrote:> On Tue, May 19, 2009 at 09:50:42AM -0700, Sriram Ramkrishna wrote: >> Howdy, >> >> I''m curious if there is any plans to add extended acls ala AFS? The >> reason I ask is that it seems in Linux we don''t seem have moved off of >> POSIX style acls and I think there is definitely at least from my >> perspective that having a richer set of acl would be needed. For >> instance, we would need acls to deal with controlled countries if we >> are sharing data with them etc. It is a big shame that there is no >> RFC for extended ACLs. >> >> Also, I would like to help out with development, I''m a newbie as far >> as kernel level hacking goes. If there is a place I can go that I can >> start off small that would be lovely. >> > > Extending ACLs beyond POSIX ACLs is a more generic topic that should probably be > discussed elsewhere, perhaps linux-fsdevel. Its not going to do much good to > implement yet another extended ACL implementation in BTRFS if no other Linux fs > has the ability to use the same feature, so figuring out the details of > extending ACLs should be done before doing them in btrfs. Thanks, > > Josef >-- -- Sriram Ramkrishna (sriram.ramkrishna_@@_@.gmail.com (remove _@@_) -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, May 19, 2009 at 02:06:08PM -0400, Josef Bacik wrote:> On Tue, May 19, 2009 at 09:50:42AM -0700, Sriram Ramkrishna wrote: > > Howdy, > > > > I''m curious if there is any plans to add extended acls ala AFS? The > > reason I ask is that it seems in Linux we don''t seem have moved off of > > POSIX style acls and I think there is definitely at least from my > > perspective that having a richer set of acl would be needed. For > > instance, we would need acls to deal with controlled countries if we > > are sharing data with them etc. It is a big shame that there is no > > RFC for extended ACLs. > > > > Also, I would like to help out with development, I''m a newbie as far > > as kernel level hacking goes. If there is a place I can go that I can > > start off small that would be lovely. > > > > Extending ACLs beyond POSIX ACLs is a more generic topic that should probably be > discussed elsewhere, perhaps linux-fsdevel. Its not going to do much good to > implement yet another extended ACL implementation in BTRFS if no other Linux fs > has the ability to use the same feature, so figuring out the details of > extending ACLs should be done before doing them in btrfs. Thanks, >I''d agree with this. The idea behind the btrfs acl/xattr implementation is to be generic enough to support whatever new ideas people come up with. But, I don''t intend on driving new acl frameworks through btrfs before they are available in other filesystems. -chris -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
I would suggest another step is more important than starting with fsdev. You need to talk to the security people. There is no point in storing and fetching ACLs if there is no mechanism to operate on them. filesystems don''t create security policies. jim -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tuesday 19 May 2009, Sriram Ramkrishna wrote:> > I''m curious if there is any plans to add extended acls ala AFS? The > reason I ask is that it seems in Linux we don''t seem have moved off of > POSIX style acls and I think there is definitely at least from my > perspective that having a richer set of acl would be needed. For > instance, we would need acls to deal with controlled countries if we > are sharing data with them etc. It is a big shame that there is no > RFC for extended ACLs. >Hi, As other people on this list have already said, the right implementation might not be through BTRFS. But IMHO if you are looking at extended ACLs beyond what is already provided by many linux filesystems, you could look at NFS4 ACLs, which have semantics which should fit Linux and Posix better than AFS ACLs. Also, AFS ACLs being per directory and not per file, would be less flexible than NFS4''s. Regards Cláudio -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html