主題: 5.0的UFS2 ACL功能 ?

[damon]

昨天裝了5.0 Release了，改變了很多東西，也把file system都改成了UFS2了
(分割slice時按2就可以改用UFS2了，預設還是UFS1)，GENERIC也預設啟動ACL
看了handbook上有關於ACL的功能，有學長試成功了嗎？
以下是handbook的說明

代碼: [選擇]


ACLs are enabled by the mount-time administrative flag, acls, which may be added to /etc/fstab. The mount-time flag can also be automatically set in a persistent manner using  tunefs(8) to modify a superblock ACLs flag in the file system header. In general, it is preferred to use the superblock flag for several reasons:

    *

      The mount-time ACLs flag cannot be changed by a remount ( mount(8) -u), only by means of a complete umount(8) and fresh mount(8). This means that ACLs cannot be enabled on the root file system after boot. It also means that you cannot change the disposition of a file system once it is in use.
    *

      Setting the superblock flag will cause the file system to always be mounted with ACLs enabled even if there is not an fstab entry or if the devices re-order. This prevents accidental mounting of the file system without ACLs enabled, which can result in ACLs being improperly enforced, and hence security problems.

    Note: We may change the ACLs behavior to allow the flag to be enabled without a complete fresh mount(8), but we consider it desirable to discourage accidental mounting without ACLs enabled, because you can shoot your feet quite nastily if you enable ACLs, then disable them, then re-enable them without flushing the extended attributes. In general, once you have enabled ACLs on a file system, they should not be disabled, as the resulting file protections may not be compatible with those intended by the users of the system, and re-enabling ACLs may re-attach the previous ACLs to files that have since had their permissions changed, resulting in other unpredictable behavior.

File systems with ACLs enabled will show a + (plus) sign in their permission settings when viewed. For example:

    drwx------  2 robert  robert  512 Dec 27 11:54 private
    drwxrwx---+ 2 robert  robert  512 Dec 23 10:57 directory1
    drwxrwx---+ 2 robert  robert  512 Dec 22 10:20 directory2
    drwxrwx---+ 2 robert  robert  512 Dec 27 11:57 directory3
    drwxr-xr-x  2 robert  robert  512 Nov 10 11:54 public_html

Here we see that the directory1, directory2, and directory3 directories are all taking advantage of ACLs. The public_html directory is not.


可是相對應的mount , fstab裡面的man page，卻都沒有說明用哪個參數加在fstab裡面可以啟動ACL，請教有學長已經成功了嗎？
是要用哪個參數呢？網頁或是man page裡面提到的參數都跟4.7 stable時一樣
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/fs-acl.html
http://www.freebsd.org/cgi/man.cgi?query=mount&sektion=8

[damon]

有找到了幾個相關的指令了setfacl，詳細的還在摸索中

[damon]

freebsdforums.org上的老外說
man -k acl
晚上回去再來試試看

[小穎]

在FreeBSD UNLEASHED的書上也有提到FreeBSD 5.0的ACL
kernel方面要有
options UFS_ACL
options UFS_EXTATTR
options UFS_EXTATTR_AUTOSTART

然後利用extattrctl command去做configuring filesystem
還沒試過！
UFS2的話，就不用做kernel方面的變動了…有UFS_ACL就行了！^^

[makinen]

想請問一下那個ACL是什麼功能ㄚ??
若在5.0上該如何使用呢??
又UFS 跟 UFS2的差異在那我該用UFS2嗎???

[damon]

如果用4.7 cvsup上去的話，大概就得用在kernel上加上一些參數的方式
5.0直接安裝的話就不用了，我是用直接安裝選UFS2
ACL就是access control list，上面提到的handbook網頁有說明
還有前面提到的man page，看完大致上應該就有一定的瞭解了
有用過ntfs的話，不用多說了吧

UFS跟UFS2最大的差異應該在於內建了對ACL的支援，這對unix like的file system來說是滿新的東西，雖然其他file system早就有了

至於詳細的步驟與使用方法，期待小穎兄的筆記

[duncanlo]

不知道有那些AP有支援它的ACL功能了?!

[damon]

不知道有那些AP有支援它的ACL功能了?!

gnuls已經有了相關的patch

[damon]

在/etc/fstab的options加上acls，再重新mount或是重新開機就可以了

[duncanlo]

真令人心動的功能...