> From tytso@ATHENA.MIT.EDU Mon Sep 20 14:54:48 1999
> From: Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil>
>
> >Anyone know if the coda project intends to make their ACLs work the same way
> >as these do for ext2? It'd be great to have one set of common commands to
> >learn for working with ACLs ...
>
> I'd be much happier if the ACL interface moved into the VFS layer, and up
> to individual file systems to support/not support ACL's. This way the
> implementation would become isolated from the kernel support, allowing a
> common set of user utilities, and user/OS interface.
>
> The problem is that different, already established filesystems: AFS,
> Coda, NTFS, etc., all have different ACL semantics. For example, AFS
> only has an ACL on a per-directory basis. I'm not sure about Coda, but
> it may be the same as AFS. NTFS uses 128 bit UUID's in its ACL's to
> name users and groups. The POSIX acl interface uses uid_t and gid_t for
> user and group id's.
I thought AFS was ACLs were implemented similarly to the DFS - ACLs emulated
in an authentication server... I didn't know that Coada even had ACLS, only
a network sync technique for disconnected operation (prevents a lot of
authentication capability... the user walks off taking the files, then hacks
at them). The translation of UUID's would almost have to be done via a table
lookup, but hopefully done in the filesystem layer (unless Linux is the
server).
> So it would be *nice* to do this, but there's quite a lot of design work
> to make the interfaces similar enough that a single interface could be
> used at both the UI and system call level. I won't say that it's
> impossible, but it's definitely non-trivial.
Sounds like a graduate project someplace, huh :)
I've been looking for ACLs (and MLS ...) but until real recently hadn't
seen anything that was sufficently production level (well beta at least).
I'm also watching the freeswan (IPsec) and RSBAC projects for a possible
MLS based PC system for consolidated console system (console handling for
multiple hosts, combined timestamped console log, positive authentication
for remote connections, labeling of audit data and log files...). It could
also be used for archiving audit analysis and be a security analysis system.
I'm using a Linux IA pc for that now, but minus much of the audit logs and
security tracing. Works fine for now (2 Origin 2000, 1 Origin 200, 1 Onyx2,
and 4 Cray systems).
Combining all of this (misc security projects) into one server system for
Kerberos authentication would also make a very difficult system to hack.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil
Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/