DOWNLOAD - Access Control Lists for ext2

Warning: This is beta stage. You use it at your own risk. Although it works fine for us, it could crash your filesystem, lock up your machine or make your girlfriend leave you.

To use ACLs with your ext2 file system, you will need

  • The ACL kernel patch.

    In our opionion the patch should not interfere with the large file support patch.

    When you have applied this patch, ext2 will recognize the mount option "acl". There will not be read or written any ACLs without this mount option. Without using ACLs you won't suffer a performance hit, even when mounting with ACL support. The blocks used for ACLs (not many at all) won't be freed if you remove all ACLs. Instead they will be reused for ACLs, but are lost for normal usage. Note that we tested this patch only with Intel architecture. You will also need the ACL utilities.

    Known bugs:

    • As all ACLs are stored in the third and fourth inode and therefore their blocks are not in the same block group as most files, you will suffer some performance loss for your ext2: For each inode with an acl it will take a lookup for the ACL. There is no noticable performance loss if only files without an ACL are involved or the ext2fs was mounted without acl option.
    • There may exist race conditions which could lead to erroneous set ACLs.

    POSIX non-conformance:

    • Files and directores created inside a directory with default ACL get the intersection of creation mode, umask and default ACL as access ACL, instead of the intersection of creation mode and default ACL.

    Missing features, next things to be added/fixed:

    • ACLs are still limited to 30 entries. The next thing to add.
    • You probably don't want to use the same default ACL for directories as for files. So we should add default directory entries.
    • We will use the coda ACL cache to improve performance (greatly, I think).
    • Blocks once allocated for ACL storage are never released again. But they are reused for ACL storage.
    • The systemcall needs to be added to non-x86 architectures.

    Changes/bugfixes for version 1.1:

    • The deadlock when using default ACLs has been removed.

    Changes/bugfixes for version 1.0:

    • Many, many, ... but I just can't remember right now. Thank you for all the feedback.

  • The ACL utilities.

    The ACL utilities consist of setfacl, getfacl and the ACL library (libacl.a). You can use setfacl and getfacl to set and read ACLs.

  • A patch for e2fsprogs.

    If you check an ext2 filesystem with ACLs, you will also have to replace e2fsck. This check is done regularly if you did not disable it with tune2fs. You won't be able to boot normally if e2fsck without this patch finds a filesystem with ACL. So it's recommended to update! The patch for e2fsprogs-1.14 can also be applied to e2fsprogs-1.15. Changes to original e2fsck:

    • ACL special inodes are not cleared
    • checks blocks allocated for ACLs

The initial version of the ACL utilities and the ACL kernel patch is from Remy Card.

Download from: Local directory

Mail us:
Hauke Steenbock
Matthias Riese

Go back to the page of the ACL group.

 
to the homepage of LiVE!