* Optionally enforced time-based ACLs for BTRFS
@ 2012-04-26 19:30 David Bruzos
2012-04-26 20:04 ` Chris Mason
0 siblings, 1 reply; 4+ messages in thread
From: David Bruzos @ 2012-04-26 19:30 UTC (permalink / raw)
To: linux-btrfs
Hi BTRFS folks:
In my organization, many use cases exist for a time-based honoring field for FS ACLs. I've done some brief research regarding this topic, but I was unable to find any reference to such a thing in any file system.
I understand that a feature like time-based honoring for ACLs may arguably be something that should exist in higher layers (E.G. some document management system), but on the other hand, I see no real reason that an extra ACL field that would allow for time-based granting/removing of permissions to some user would be a problem.
* The logic would go something like this (ACE means Access control Entry):
If ACE.time = 0 or ACE.time > current_time; then
Honor ACE
Elif Ace.time < 0 and (current.time+ACE.time) > 0; then
Honor ACE
Else
not honor ACE
fi
for uses like company-wide file servers, etc, a little feature like that could go very far in long-term management of file system permissions. You could easily and non-hackeshly temporarily grant access to file system objects, without having to makemodifications to applications, system utilities,or system libraries. The behavior could be easily controled by mount options (could be off by default) and a small utility or function of the standard file system's utilities could allow for easy management of the value in the time fields (change, expire, etc).
Of course, acurit time would then be crutial to system security, but today acurit time is crytical on servers anyway in most situations. Besides, it would definitly be an optional feature, enabled at the user's choice.
If we add a second field, then both expire time and activation time could be set for a given access control entry at the same time. In that case, negative values for the fields could indicate things like restrict access to ---, r-x, etc, regardless of the ACE's actual content. Basically, it would be something like XFS's mask entry, but applying to the ACE itself not the entire list.
Any thoughts, suggestions, ideas?
Am I just plain crazy?
Thanks for the great work you're doing.
David Bruzos (Systems Administrator)
2831 Talleyrand Ave.
Jacksonville, FL 32206
Office: (904) 357-3069
________________________________________________________________________________________________
Please note that under Florida's public records law (F.S. 668.6076), most written communications
to or from the Jacksonville Port Authority are public records, available to the public and media
upon request. Your email communications may therefore be subject to public disclosure. If you have
received this email in error, please notify the sender by return email and delete immediately
without forwarding to others.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Optionally enforced time-based ACLs for BTRFS
2012-04-26 19:30 Optionally enforced time-based ACLs for BTRFS David Bruzos
@ 2012-04-26 20:04 ` Chris Mason
2012-04-26 21:27 ` David Bruzos
0 siblings, 1 reply; 4+ messages in thread
From: Chris Mason @ 2012-04-26 20:04 UTC (permalink / raw)
To: David Bruzos; +Cc: linux-btrfs
On Thu, Apr 26, 2012 at 03:30:39PM -0400, David Bruzos wrote:
> Hi BTRFS folks: In my organization, many use cases exist for a
> time-based honoring field for FS ACLs. I've done some brief research
> regarding this topic, but I was unable to find any reference to such a
> thing in any file system. I understand that a feature like time-based
> honoring for ACLs may arguably be something that should exist in
> higher layers (E.G. some document management system), but on the other
> hand, I see no real reason that an extra ACL field that would allow
> for time-based granting/removing of permissions to some user would be
> a problem.
One of the interesting thing about linux acls is the filesystems don't
really implement acls. We implement xattrs, and the higher layers stuff
acls into them. In a few key spots we tell the higher layers how to do
that, and we also call back into the higher layers for permission
checks.
This is a long way of saying the changes would have to happen in the
generic acl code. This is a good thing, it will get much more review
that way.
I'd suggest posting this to linux-fsdevel.
-chris
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Optionally enforced time-based ACLs for BTRFS
2012-04-26 20:04 ` Chris Mason
@ 2012-04-26 21:27 ` David Bruzos
2012-04-27 14:57 ` Chris Mason
0 siblings, 1 reply; 4+ messages in thread
From: David Bruzos @ 2012-04-26 21:27 UTC (permalink / raw)
To: Chris Mason; +Cc: linux-btrfs
Hi Chris:
Thank you for your very informative response. I will post the message to linux-fsdevel and see what they have to say about it.
Any comments you would like to share regarding why something like what I suggested has apparently never been implemented?
Again, thanks!
David Bruzos (Systems Administrator)
-----Original Message-----
From: Chris Mason [mailto:chris.mason@oracle.com]
Sent: Thursday, April 26, 2012 4:04 PM
To: David Bruzos
Cc: linux-btrfs@vger.kernel.org
Subject: Re: Optionally enforced time-based ACLs for BTRFS
On Thu, Apr 26, 2012 at 03:30:39PM -0400, David Bruzos wrote:
> Hi BTRFS folks: In my organization, many use cases exist for a
> time-based honoring field for FS ACLs. I've done some brief research
> regarding this topic, but I was unable to find any reference to such a
> thing in any file system. I understand that a feature like time-based
> honoring for ACLs may arguably be something that should exist in
> higher layers (E.G. some document management system), but on the other
> hand, I see no real reason that an extra ACL field that would allow
> for time-based granting/removing of permissions to some user would be
> a problem.
One of the interesting thing about linux acls is the filesystems don't
really implement acls. We implement xattrs, and the higher layers stuff
acls into them. In a few key spots we tell the higher layers how to do
that, and we also call back into the higher layers for permission
checks.
This is a long way of saying the changes would have to happen in the
generic acl code. This is a good thing, it will get much more review
that way.
I'd suggest posting this to linux-fsdevel.
-chris
________________________________________________________________________________________________
Please note that under Florida's public records law (F.S. 668.6076), most written communications
to or from the Jacksonville Port Authority are public records, available to the public and media
upon request. Your email communications may therefore be subject to public disclosure. If you have
received this email in error, please notify the sender by return email and delete immediately
without forwarding to others.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Optionally enforced time-based ACLs for BTRFS
2012-04-26 21:27 ` David Bruzos
@ 2012-04-27 14:57 ` Chris Mason
0 siblings, 0 replies; 4+ messages in thread
From: Chris Mason @ 2012-04-27 14:57 UTC (permalink / raw)
To: David Bruzos; +Cc: linux-btrfs
On Thu, Apr 26, 2012 at 05:27:12PM -0400, David Bruzos wrote:
> Hi Chris:
> Thank you for your very informative response. I will post the message to linux-fsdevel and see what they have to say about it.
>
> Any comments you would like to share regarding why something like what I suggested has apparently never been implemented?
Most features in the kernel are based on customer demand. I think we
just haven't had enough people asking for it ;)
-chris
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-04-27 14:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-26 19:30 Optionally enforced time-based ACLs for BTRFS David Bruzos
2012-04-26 20:04 ` Chris Mason
2012-04-26 21:27 ` David Bruzos
2012-04-27 14:57 ` Chris Mason
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.