
Re: Extended Attributes and Access Control Lists

On Fri, Nov 02, 2001 at 02:02:28PM +0000, Stephen C. Tweedie wrote:
> Hi,
> On Thu, Nov 01, 2001 at 09:28:51PM -0700, Peter J. Braam wrote:
> > I'd like to just add my 2 cts worth to this:
> > 
> >  - sharing ACL's: for distributed file systems this is actually really
> >  useful since it means that a server could compute capabilities for a
> >  client based on the ACL id rather than doing it again and again which
> >  leads to efficient distributed authorization.
> Again, this brings up the problem of _where_ the different ACL
> API/ABIs live in the stack.
> If you want generic syscalls to access ACLs, then those syscalls
> cannot be expressed in terms of independent ACL cookies --- there
> already exist distributed filesystems which don't use cookies for
> their ACLs.
> If you are building the distributed filesystem on top of a specific
> local filesystem which exposes ACL sharing directly, _then_ it might
> be possible to do this.  Or, if you build your distributed
> filesystem's ACL mechanisms out of low-level generic EAs, you can
> implement the sharing yourself in the higher levels.  But the primary
> kernel ACL API really needs to support ACLs which are not necessarily
> cookie-based.

I completely agree with what you say. 

> >  - if you are building an inode v2 I have two wishes: store i_version
> >  on the disk and store the parent ino on the disk for
> >  directories. Both can considerably simplify file servers like knfsd
> We do.  i_generation 

i_generation != i_version, the latter is really a version
counter, the former is an incarnation counter -- completely different
vis-à-vis NFS for example.

> is held on disk in the inode, and ".." is in the
> first directory data block

That's not what I want -- it's precisely the elimination of directory
data reads for .. that I want. 

- Peter -
