implementing acls in linux jesse dyer, dennis lu, and erik welsh comp 527 – fall 2001
TRANSCRIPT
![Page 1: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/1.jpg)
Implementing ACLs in LinuxJesse Dyer, Dennis Lu, and Erik Welsh
Comp 527 – Fall 2001
![Page 2: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/2.jpg)
Overview Why ACLs? Solaris ACLs NT ACLs Our ACLs VFS Our Implementation Some Examples Problems and Future Work
![Page 3: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/3.jpg)
In case you were sleeping… What is an ACL?
Access Control List: collection of Access Control Entries (ACEs) associated with a file.
What is an ACE? A structure specifying permission for a user,
group, or other entity. What is an inode?
A structure containing metadata about files and directories.
![Page 4: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/4.jpg)
Why ACLs? Traditional rwx for ugo not fine grained
enough File owner controls all permissions Can allow group, but admin controls groups,
creates administrative headache Want to give specific user or group ability to
access to files and directories
![Page 5: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/5.jpg)
For Example – CVS on owlnet Must give world rwx
permissions! Allows ANY malicious
user or accident to mess up your project files
Preferably give access to certain directories to certain people
![Page 6: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/6.jpg)
Solaris ACLs Standard ACL implementation Can give specific and multiple users and
groups rwx permission on a file Has mask entry Almost POSIX compliant
![Page 7: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/7.jpg)
NT ACLs Even more fine grained
than Solaris Adds ability to let someone
delete, modify the permissions of, or take ownership of a file
Has ability to inherit permissions
Adds ability to deny access to a file
Order to apply rules Has “Everyone” user
![Page 8: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/8.jpg)
Our ACLs Combination of Solaris and NT ACLs Have traditional rwx for multiple users and
groups Added p (permission) Added inheritance Added ability to deny Rules applies in order
![Page 9: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/9.jpg)
VFS Acts as layer of abstraction
between different filesystems and file access programs
All fs calls go through VFS at some point
Provides common interface for several fs
Different fs must register with the VFS
Different fs operations called by using function pointers
![Page 10: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/10.jpg)
ext2 Default Linux file system Allows for variable size blocks to minimize
fragmentation Variable number of inodes to maximize usable space Block preallocation for files to reduce fragmentation Disk blocks partitioned into groups Robust crash recovery Designed to be extensible (ACLs, encryption, etc…)
![Page 11: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/11.jpg)
Our Implementation Modified version of ext2 on Mandrake Kept ACL information in the inode, not in
blocks Max users = 32 Compiled as kernel module Modified mke2fs to setup our fs and ext2fsck
to not demolish our ACLs
![Page 12: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/12.jpg)
Permission Checking If no ACL present,
reverts to traditional file permissions
Search for any deny, then allow
Support for new modify permission functionality
![Page 13: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/13.jpg)
setfacl User command utility to set, modify, or delete ACLs
on a file Can be ran by file owner or anyone given permission
to modify permissions Sample commands:
setfacl –s u:alice:+rx:i myFile setfacl –m o::drwx myFile setfacl –u myFile setfacl –d u:alice myFile
![Page 14: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/14.jpg)
getfacl User utility to examine the ACL on a
particular file Examines a file’s inode to detemine what
permissions are set Sample:
getfacl myFile
![Page 15: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/15.jpg)
Example$touch samplefile$getfacl samplefile #no ACL set
$ setfacl –s u:welsh:+rw samplefile
$ getfacl samplefile
# file: samplefile
# owner: dlu
# group: brown
# Inherits from parent
user::rw-p:i
user:welsh:rw-- :i
group::r---:i
other:r---:i
![Page 16: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/16.jpg)
Example$ setfacl –m u:welsh:dxp samplefile
$ getacl samplefile
# file: samplefile
# owner: dlu
# group: brown
user::rw-p:i
user:welsh:rw<x><p>:i
group::r---:i
other:r---:i
![Page 17: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/17.jpg)
Example – permission partitions
Development MarketingQA
![Page 18: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/18.jpg)
Problems Open Source code is inconsistently
documented
Communication between kernel and user programs is confusing
Testing is a pain
![Page 19: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/19.jpg)
Future Work Make it as a patch to the current linux
distribution Determine the optimum number of ACLs to
be kept Caching effective ACLs minimizes
performance hit from inheritance Graphical User Interface
![Page 20: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/20.jpg)
The Ideal ACL Deny and allow have equal importance, based
on their location in the ACL. I.e. Order matters.
Example User Chuck member of: everyone, losers. ACL: allow Chuck; deny losers; allow everyone
Chuck is given access. Existing implementation Chuck is denied
access
![Page 21: Implementing ACLs in Linux Jesse Dyer, Dennis Lu, and Erik Welsh Comp 527 – Fall 2001](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649da05503460f94a8bcec/html5/thumbnails/21.jpg)
References
Bovet and Cesati, Understanding the Linux Kernel, O’Reilly, 2001
Anderson, Security Engineering, Wiley, 2001
Linux Documentation Project
Algis Dan