Access Lists

Access Lists

Post by Peter On » Tue, 05 Feb 2002 14:39:23



Does 4.5 now use access lists instead of file permissions for file security?
Thanks.

--

Peter Ong

http://www.haloflightleader.net
877-836-1827


Access Lists

Post by Philip Paep » Tue, 05 Feb 2002 16:31:12



> Does 4.5 now use access lists instead of file permissions for file security?

No, access lists are perfectly useless given the strength and flexibility of
the permission system.  Also read the thread starting with:


If you want ACLs, I'm afraid you'll have to suffer Windows NT or VMS.  Don't
see why you'd ever need them though.

 - Philip

--

  You may be recognized soon.
  Hide!
  If they find you, lie.


Access Lists

Post by Rainer Fre » Tue, 05 Feb 2002 16:45:38


[...]

> No, access lists are perfectly useless given the strength and
> flexibility of the permission system.  Also read the thread starting
> with:


> If you want ACLs, I'm afraid you'll have to suffer Windows NT or VMS.

Or Linux with XFS or with ext2 and the ACL patch. Or search for a
commercial Unix which supports them (VeritasFS for Solaris/Unixware?).

> Don't see why you'd ever need them though.

Sometimes they come handy. But mostly you are right.

>  - Philip

Rainer

Access Lists

Post by Eino Tuomine » Tue, 05 Feb 2002 17:04:25



> Or Linux with XFS or with ext2 and the ACL patch. Or search for a
> commercial Unix which supports them (VeritasFS for Solari/Unixware?).

Solaris (and AFAIK almost every commercial Unix) supports
file access control lists on ufs without any third party
software. Try man setfacl on Solaris. Though not completely
useless, extensive use of ACL entries will slow down file
access very badly. Besides, I still have never needed them
even though I've had them available.

--
  Eino Tuominen


Access Lists

Post by Philip Paep » Tue, 05 Feb 2002 17:27:49




>> Or Linux with XFS or with ext2 and the ACL patch. Or search for a
>> commercial Unix which supports them (VeritasFS for Solari/Unixware?).
> Solaris (and AFAIK almost every commercial Unix) supports
> file access control lists on ufs without any third party
> software. Try man setfacl on Solaris. Though not completely
> useless, extensive use of ACL entries will slow down file
> access very badly. Besides, I still have never needed them
> even though I've had them available.

True ... getfacl(1) and setfacl(1) are available, but like you, I've never
used them.  The syntax isn't exactly lucid either.  Also, I find that once you
start using ACLs, you stop 'thinking' about your filesystem, and use ACLs for
just about everything, which gradually slows your filesystem to a halt.  Now,
on an Enterprise with a StorEdge, 'gradually' is a very relative term, but on
a Blade or a SparcStation .........  And then extrapolate further to
i386-class machines which most people run BSD on.

 - Philip

--

  If one views his problem closely enough he will
  recognize himself as part of the problem.


Access Lists

Post by Dmitry Pryanishniko » Tue, 05 Feb 2002 17:38:28


Hello!


> No, access lists are perfectly useless given the strength and flexibility of
> the permission system.  Also read the thread starting with:

 This flexibility is for admin only, regular users can not create groups,
don't forget it!

> If you want ACLs, I'm afraid you'll have to suffer Windows NT or VMS.  Don't
> see why you'd ever need them though.

 One can _suffer from_ WNT, but apparently cannot _enjoy_ VMS (unless (s)he
has VAX or Alpha CPU).

Sincerely, Dmitry

Atlantis ISP, System Administrator

nic-hdl: LYNX-RIPE


Access Lists

Post by Rasputi » Tue, 05 Feb 2002 23:45:53


In the last exciting episode of comp.unix.bsd.freebsd.misc,
Peter Ong said:

> Does 4.5 now use access lists instead of file permissions for file security?

What gave you that idea?

5.0 may well do - see www.trustedbsd.org for more detail.

--
Quality Control, n.:
        The process of testing one out of every 1,000 units coming off
a production line to make sure that at least one out of 100 works.
Rasputin :: Jack of All Trades - Master of Nuns ::


Access Lists

Post by Peter On » Wed, 06 Feb 2002 00:32:28


Because I read that 5.0 will have ACL to control security.  I was just
wondering if the 4.5 iteration started to have this as well.

Peter

> In the last exciting episode of comp.unix.bsd.freebsd.misc,
> Peter Ong said:

> > Does 4.5 now use access lists instead of file permissions for file
> > security?

> What gave you that idea?

> 5.0 may well do - see www.trustedbsd.org for more detail.

> --
> Quality Control, n.:
> The process of testing one out of every 1,000 units coming off
> a production line to make sure that at least one out of 100 works.
> Rasputin :: Jack of All Trades - Master of Nuns ::


Access Lists

Post by Aaron Ange » Wed, 06 Feb 2002 07:25:24




>>Does 4.5 now use access lists instead of file permissions for file security?

> No, access lists are perfectly useless given the strength and flexibility of
> the permission system.  Also read the thread starting with:

5.0 has ACL support.  4.4/4.5 (not sure 'bout any previous ones) have
`support' for them, with a few syscalls here and there, but no binaries
as of yet.


> If you want ACLs, I'm afraid you'll have to suffer Windows NT or VMS.  Don't
> see why you'd ever need them though.

ACLs can be useful with various applications.  A file server is a very
good example (if you're into Samba, ACL support in the server translates
to ACL manipulation support on the client [even Windows]).  Though, if
you're going to use a file server, I'd just as much go for AFS or, my
new personal favorite, Coda.

I'd still like to see native ACLs though...they can be quite useful in
some `normal' scenarios as well.


Access Lists

Post by Peter/Los Angeles, C » Wed, 06 Feb 2002 09:43:07


What I like about ACLs is that a file can then be owned by more than one
group.  With permissions as they are now, one group one owner is tops.

Philip, I'll agree with you that the way the permissions are set now with
4.4, it's very powerful, but to say that ACLs are useless is a bit too far,
wouldn't you say?  In any case, we really should find a reason why it would
work rather than not, before we even get to try it.

It just sounded like you blew up there when all I asked was if there was ACL
in 4.5.  A simple yes or no would've done it.

(o:`,
Live long and prosper.

Peter




> >>Does 4.5 now use access lists instead of file permissions for file
> >>security?

> > No, access lists are perfectly useless given the strength and
> > flexibility of the permission system.  Also read the thread starting with:

> 5.0 has ACL support.  4.4/4.5 (not sure 'bout any previous ones) have
> `support' for them, with a few syscalls here and there, but no binaries
> as of yet.

> > If you want ACLs, I'm afraid you'll have to suffer Windows NT or VMS.
> > Don't see why you'd ever need them though.

> ACLs can be useful with various applications.  A file server is a very
> good example (if you're into Samba, ACL support in the server translates
> to ACL manipulation support on the client [even Windows]).  Though, if
> you're going to use a file server, I'd just as much go for AFS or, my
> new personal favorite, Coda.

> I'd still like to see native ACLs though...they can be quite useful in
> some `normal' scenarios as well.


Access Lists

Post by Christopher Brown » Wed, 06 Feb 2002 10:23:56



> What I like about ACLs is that a file can then be owned by more than one
> group.  With permissions as they are now, one group one owner is tops.
> Philip, I'll agree with you that the way the permissions are set now
> with 4.4, it's very powerful, but to say that ACLs are useless is a
> bit too far, wouldn't you say?  In any case, we really should find a
> reason why it would work rather than not, before we even get to try
> it.

Isn't it a bit like saying that "Ports is broken; we need to redesign
it from scratch"?

ACLs wind up requiring a combination of:
 - A way of storing extra "resource forks" on filesystems;
 - Management tools to read and write them;
 - Presumably modifications to tar, cpio, and anything else that
   serializes data from filesystems to express the new "forks";
 - Repeated fiddling around to set up ACLS...

That's rather a lot of work...
--

http://www.ntlug.org/~cbbrowne/emacs.html
"Rather than complaining, I suggest shopping where Linux is


Access Lists

Post by Aaron Ange » Wed, 06 Feb 2002 12:09:15



> ACLs wind up requiring a combination of:
>  - A way of storing extra "resource forks" on filesystems;
>  - Management tools to read and write them;
>  - Presumably modifications to tar, cpio, and anything else that
>    serializes data from filesystems to express the new "forks";
>  - Repeated fiddling around to set up ACLS...

> That's rather a lot of work...

Work I rather enjoy, myself.  What is an admin without a problem?

Access Lists

Post by Philip Paep » Wed, 06 Feb 2002 16:01:14



[please don't top-post]

> What I like about ACLs is that a file can then be owned by more than one
> group.  With permissions as they are now, one group one owner is tops.

You can put the user in multiple groups though, which makes the layout of the
filesystem more 'lucid'.  

> Philip, I'll agree with you that the way the permissions are set now with
> 4.4, it's very powerful, but to say that ACLs are useless is a bit too far,
> wouldn't you say?  In any case, we really should find a reason why it would
> work rather than not, before we even get to try it.

Useless might have been a poor choice of words.  But given the flexibility of
the system we have --- and the fact that it happens to be a 'standard' system
--- makes that we don't *really* need ACLs.  Someone might like to have them,
but they pose a risk of braindamage to the people implementing/administering
them :-)

> It just sounded like you blew up there when all I asked was if there was ACL
> in 4.5.  A simple yes or no would've done it.

I didn't blow up, sorry about that :-o  I meant 'no', just got a bit e*d,
I think ;-)

[...]

 - Philip

--

  Quit while you're still behind.


Access Lists

Post by Dmitry Pryanishniko » Wed, 06 Feb 2002 16:50:21


Hello!


> ACLs wind up requiring a combination of:
>  - A way of storing extra "resource forks" on filesystems;

 VMS keeps ACLs in file header (=inode in UNIX), and IMHO it's not a big deal
to keep something like "pointer to ACL or 0 if no ACL used" somewhere in
unused inode area (of course, if it's available).

>  - Management tools to read and write them;

 Create an ACL editor (just like chsh or vipw, don't actually write an editor,
use the user's preferred EDITOR and just prepare a form for the user/parse the
result of editing). Also let users copy ACLs from one object to another, remove
an ACL completely, and they'll be happy ;)

>  - Presumably modifications to tar, cpio, and anything else that
>    serializes data from filesystems to express the new "forks";

 That's true, backup tools should preserve/restore ACLs.

>  - Repeated fiddling around to set up ACLS...

 Why fiddle around? ACLs are not going to replace existing file protection.
If owner/group/filemode protection is acceptable for object, you don't
_have to_ create an ACL for it!

 I'm saying "object" instead of "file" because VMS has ACL support not
for files only, but also for devices and shared memory regions. For UNIX,
device ACLs can be associated with special file's nodes, not sure about
shared memory.

Sincerely, Dmitry

Atlantis ISP, System Administrator

nic-hdl: LYNX-RIPE


Access Lists

Post by Philip Paep » Wed, 06 Feb 2002 18:42:53


[...]

> Why fiddle around? ACLs are not going to replace existing file protection.
> If owner/group/filemode protection is acceptable for object, you don't
> _have to_ create an ACL for it!
> I'm saying "object" instead of "file" because VMS has ACL support not
> for files only, but also for devices and shared memory regions. For UNIX,
> device ACLs can be associated with special file's nodes, not sure about
> shared memory.

Don't forget that you will also have to provide for things to *check* the
ACLs.  Just writing them isn't enough.  When user X tries to open a file, the
ACL needs to be checked -- in addition to the mode -- for access privileges.

In UNIX 'everything' is a file, so you wouldn't have too many problems
differentiating between 'files' (stricto sensu) and 'other stuff' (i/o,
etc...).

 - Philip

--

  Any technical problem can be overcome given enough
  time and money.
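Philip's point that an ACL has to be *checked* at open time, in addition to the mode bits, and Peter's earlier point that an ACL lets a file be shared with more than one group, can both be seen in a small model. The following is an added example written for this thread; it is not code from any poster, from FreeBSD 4.x/5.0 or from TrustedBSD. It assumes the POSIX.1e-style ACL text format that getfacl/setfacl use (user/group/mask/other entries), and the hypothetical helpers `mode_allows` and `acl_allows` implement the classic mode-bit check and the POSIX.1e evaluation order (owner, named user, owning group and named groups under the mask, other) side by side. Root's bypass of discretionary access control is deliberately not modelled.

```python
"""Model of a POSIX.1e-style ACL check beside the classic mode-bit check.

Added illustration for the thread above, not code from FreeBSD or from any
poster. The ACL text format mirrors the getfacl(1)/setfacl(1) style; the
evaluation order follows the POSIX.1e draft algorithm. Root's DAC bypass is
intentionally left out so the two checks can be compared directly.
"""
from dataclasses import dataclass

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def parse_perms(text: str) -> int:
    """'rw-' -> 6. Only exactly three characters drawn from r/w/x/- are accepted."""
    if len(text) != 3:
        raise ValueError(f"bad permission string: {text!r}")
    bits = 0
    for ch, expect in zip(text, "rwx"):
        if ch == expect:
            bits |= PERM_BITS[ch]
        elif ch != "-":
            raise ValueError(f"bad permission string: {text!r}")
    return bits


@dataclass(frozen=True)
class AclEntry:
    tag: str        # user, group, mask or other
    qualifier: str  # uid/gid as text; '' for owner, owning group, mask and other
    perms: int      # rwx bits


def parse_acl(text: str) -> list[AclEntry]:
    """Parse e.g. 'user::rw-,user:3000:r--,group::r--,group:200:rw-,mask::rw-,other::---'."""
    entries = []
    for item in text.split(","):
        tag, qualifier, perms = item.strip().split(":")
        if tag not in ("user", "group", "mask", "other"):
            raise ValueError(f"unknown ACL tag {tag!r}")
        entries.append(AclEntry(tag, qualifier, parse_perms(perms)))
    return entries


def mode_allows(mode: int, owner: int, group: int,
                uid: int, gids: set[int], want: int) -> bool:
    """Classic check: exactly one of owner/group/other applies, in that order."""
    if uid == owner:
        granted = (mode >> 6) & 7
    elif group in gids:
        granted = (mode >> 3) & 7
    else:
        granted = mode & 7
    return want & ~granted == 0


def acl_allows(acl: list[AclEntry], owner: int, group: int,
               uid: int, gids: set[int], want: int) -> bool:
    """POSIX.1e order: owner, named user, owning/named groups (masked), other.

    Any matching group entry that grants the request is enough; if some group
    entry matched but none granted, the request is denied without falling
    through to 'other'.
    """
    by_key = {(e.tag, e.qualifier): e.perms for e in acl}
    mask = by_key.get(("mask", ""), 7)          # no mask entry -> nothing masked
    if uid == owner:                              # 1. owner entry (unmasked)
        return want & ~by_key[("user", "")] == 0
    named = ("user", str(uid))
    if named in by_key:                           # 2. named user, under the mask
        return want & ~(by_key[named] & mask) == 0
    matched = False                               # 3. owning group + named groups
    candidates = [("group", "")] if group in gids else []
    candidates += [("group", str(g)) for g in sorted(gids) if ("group", str(g)) in by_key]
    for key in candidates:
        matched = True
        if want & ~(by_key[key] & mask) == 0:
            return True
    if matched:
        return False
    return want & ~by_key[("other", "")] == 0     # 4. other entry (unmasked)


# Constructed sample: a file owned by uid 1000 / gid 100 with mode 0640, plus an
# ACL that also lets group 200 read and write and lets uid 3000 read.
OWNER, GROUP, MODE = 1000, 100, 0o640
ACL = parse_acl("user::rw-,user:3000:r--,group::r--,group:200:rw-,mask::rw-,other::---")
READ, WRITE = 4, 2


def compare(uid: int, gids: set[int], want: int) -> tuple[bool, bool]:
    """Return (mode-bit decision, ACL decision) for one access request."""
    return (mode_allows(MODE, OWNER, GROUP, uid, gids, want),
            acl_allows(ACL, OWNER, GROUP, uid, gids, want))


if __name__ == "__main__":
    for uid, gids, want in [(2000, {200}, WRITE), (3000, {500}, WRITE), (5000, {100, 200}, WRITE)]:
        print(uid, sorted(gids), "write:", compare(uid, gids, want))
```

The second group (gid 200) is exactly the case Peter raised: the mode bits can name only one group, so a member of gid 200 who is not in gid 100 is treated as "other" and denied, while the ACL grants read and write. The mask entry is the part that trips people up in practice: lowering it to `r--` silently cuts every named user and group back to read-only without touching their entries.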


1. RCS and the access list ??

Hello,

I work on a project where the source code is stored in RCS. I'm trying
to write some simple admin scripts that allow a few users in the
project to "lock" all the code. I was thinking that a user could su to
root and lock all code as root. However I'm getting an error message
that puzzles me.

If I'm user USER1 and type
#cd RCSdirectory
#rcs -l RCS/foo.c,v

I get the following message,
rcs error: user USER1 is not on the access list

I'm confused. Why doesn't rcs see me as root?
