[OpenAFS] ACLs and open-afs

Craig Everhart craigev@us.ibm.com
Thu, 10 Oct 2002 13:44:07 -0400




On Thursday, 10/10/2002 at 01:10 AST, "E.Spencer B." <m1esb00@frb.gov>
wrote:
> On Thu, 10 Oct 2002, Ray Link wrote:
> >
> > No, Solaris ACLs are UFS-only.  When attempting to use Solaris ACLs
> > within AFS, the acl(2) syscall fails with ENOSYS. According to errno.h,
> > that translates to "Unsupported file system operation".
>
> Sorry to hear this, has anyone tried to mod this behavior?

(appropriate disclaimers inserted)

Solaris ACLs are different from AFS ACLs.  The permission bits are
different, for one.  The callers of setfacl() and getfacl() wouldn't know
how to format the request to make it all into an AFS ACL (or to turn the
AFS ACL into a Solaris ACL for display).  You wouldn't want it to try,
even, since it couldn't get it right, and you don't want to be making
security decisions based on inaccurate information.

> > Since AFS runs on multiple platforms, this wouldn't buy you much anyways
> > if it worked.  What would happen to someone with, say, a Linux client
> > that has no notion of Solaris ACLs?
>
>
> Well, with Solaris ACLs and non-Solaris ACL interpreters like Linux, the
> Solaris ACLs are honored (permissions granted or not granted depending on
> the Solaris ACL), but you cannot set them from non-Solaris ACL
> interpreters like Linux from an NFS mounted Solaris exported filesystem.

You're always working with the back-most file system's understanding of
access control.  So, yes, for a Solaris local filesystem, this is Solaris
with its ACL interpretation, even if the access to that filesystem is being
granted via NFS.  For AFS, the AFS filesystem format (including ACL format)
is inherently its own (and not the same as its host's native filesystem),
including the understanding of the users and groups who may be named on an
ACL, the permissions that may be granted or restricted on an ACL, the
evaluation-order rules, interactions with umask(), and so forth.  So you'd
expect that the clients would assist in carrying out the AFS filesystem's
security structure.  This isn't the same as Solaris ACLs, so it seems a
mis-match to expect that Solaris ACL-viewing and ACL-editing tools would be
applicable to AFS ACLs, even though they both use the same spelling of the
acronym ACL.

            Craig

Craig Everhart
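
The permission-bit mismatch described in the message above, as an added example that is not part of the original post: it projects the seven AFS rights (rlidwka) onto an rwx triple and back, and reports which rights the round trip invents or drops. Both mapping tables are hypothetical, constructed for illustration; neither is an OpenAFS or Solaris API.

```python
from itertools import combinations

# Constructed illustration; neither mapping is an OpenAFS or Solaris API.
AFS_RIGHTS = "rlidwka"  # read, lookup, insert, delete, write, lock, administer

# Hypothetical best-effort projection of AFS rights onto rwx bits (assumption).
AFS_TO_RWX = {"r": "r", "l": "x", "i": "w", "d": "w", "w": "w", "k": "", "a": ""}
# Hypothetical inverse: what a tool would have to assume each rwx bit means.
RWX_TO_AFS = {"r": "r", "w": "idw", "x": "l"}


def afs_to_rwx(rights):
    """Project a string of AFS rights onto rwx bits, in canonical order."""
    bits = {b for r in rights for b in AFS_TO_RWX[r]}
    return "".join(b for b in "rwx" if b in bits)


def rwx_to_afs(bits):
    """Expand rwx bits back into AFS rights, in canonical order."""
    rights = {r for b in bits for r in RWX_TO_AFS[b]}
    return "".join(r for r in AFS_RIGHTS if r in rights)


def round_trip(rights):
    return rwx_to_afs(afs_to_rwx(rights))


def drift(rights):
    """Return (gained, lost): rights the round trip adds and rights it drops."""
    after = round_trip(rights)
    gained = "".join(r for r in after if r not in rights)
    lost = "".join(r for r in rights if r not in after)
    return gained, lost


def lossy_count():
    """Count how many of the 128 possible AFS right sets do not survive."""
    total = 0
    for n in range(len(AFS_RIGHTS) + 1):
        for combo in combinations(AFS_RIGHTS, n):
            rights = "".join(combo)
            if round_trip(rights) != rights:
                total += 1
    return total


if __name__ == "__main__":
    for sample in ("rl", "li", "rlidwka"):
        print(sample, "->", afs_to_rwx(sample), "->", round_trip(sample), drift(sample))
    print("lossy:", lossy_count(), "of", 2 ** len(AFS_RIGHTS))
```

With these tables, an entry granting only lookup and insert comes back with delete and write added, and a full-rights entry comes back without lock and administer.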