8.4 HFS Access Control Lists

     

Access Control Lists (ACLs) allow us to give individual users their own read, write, and execute permissions on individual files and directories. HFS has supported ACLs since its inception, and they are managed by the commands lsacl and chacl. We will take our 1G.file created earlier and apply ACLs to it for a couple of users, fred and barney:

 

    root@hpeos003[test]  pwget -n barney
    barney:acGNA0B.QxKYI:110:20::/home/barney:/sbin/sh
    root@hpeos003[test]  pwget -n fred
    fred:rK23oXbRNKgAo:109:20::/home/fred:/sbin/sh
    root@hpeos003[test]  lsacl -l 1GB.file
    1GB.file:
    rw- root.%
    rw- %.sys
    rw- %.%
    root@hpeos003[test]  chacl '(fred.%, rwx)' 1GB.file
    root@hpeos003[test]  lsacl -l 1GB.file
    1GB.file:
    rw- root.%
    rwx fred.%
    rw- %.sys
    rw- %.%
    root@hpeos003[test]
    root@hpeos003[test]  chacl '(barney.%, ---)' 1GB.file
    root@hpeos003[test]  lsacl -l 1GB.file
    1GB.file:
    rw- root.%
    rwx fred.%
    --- barney.%
    rw- %.sys
    rw- %.%
    root@hpeos003[test]

We can see that fred has read, write, and execute, while barney has no access.

Interestingly, HFS stores ACLs in a structure known as a continuation inode (see the ci field in the inode). Simply put, this is an additional inode used by file 1G.file to store the additional ACL entries. We can see this with fsdb:

 

    root@hpeos003[test]  echo "4i" | fsdb -F hfs /dev/vx/rdsk/ora1/archive
    file system size = 524288(frags)   isize/cyl group=64(Kbyte blocks)
    primary block size=65536(bytes)
    fragment size=8192
    no. of cyl groups = 421
    i#:4  md: f---rw-rw-rw- ln:    1 uid:    0 gid:    3 sz: 1073741824   ci:6
    a0 :    72  a1 :    80  a2 :    88  a3 :    96  a4 :   104  a5 :   112
    a6 :   120  a7 :   128  a8 :   136  a9 :   144  a10:   152  a11:   160
    a12:  1256  a13:     0  a14:     0
    at: Thu Nov 13 00:21:54 2003
    mt: Thu Nov 13 00:22:32 2003
    ct: Thu Nov 13 00:53:21 2003
    root@hpeos003[test]  echo "6i" | fsdb -F hfs /dev/vx/rdsk/ora1/archive
    file system size = 524288(frags)   isize/cyl group=64(Kbyte blocks)
    primary block size=65536(bytes)
    fragment size=8192
    no. of cyl groups = 421
    i#:6  md: C------------  ln:    1
      uid:  109  gid:  -36  md:7
      uid:  110  gid:  -36  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
      uid:  -35  gid:  -35  md:0
    root@hpeos003[test]

In addition to the base ACL entries stored in the primary inode, HFS allows 13 additional ACL entries per file and/or directory. If we plan to use HFS ACLs widely, this may affect the inode density we choose at newfs time, because every file carrying additional ACL entries uses a continuation inode as well as its primary inode.
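When auditing who holds optional ACL entries on a file, the continuation inode can be decoded back into lsacl-style entries. The following is an added example, not part of the original text: the function name decode_ci is hypothetical, and the meaning of the ids -36 (the "%" wildcard) and -35 (unused slot) is an assumption read off the fsdb listing above.

```shell
#!/bin/sh
# Added example: decode an HFS continuation inode (fsdb output) into ACL entries.
# Assumption read off the listing on this page, not taken from HP documentation:
#   id -36 is the "%" wildcard, id -35 marks an unused slot.

# name:uid pairs taken from the pwget output on this page
USERS="fred:109 barney:110"

# Continuation inode 6 as printed by fsdb on this page
CI_LISTING='i#:6  md: C------------  ln:    1
  uid:  109  gid:  -36  md:7
  uid:  110  gid:  -36  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0
  uid:  -35  gid:  -35  md:0'

# decode_ci "name:uid ..." < fsdb-listing
# Prints one "user.group mode" line per used slot, then a used/free summary.
decode_ci() {
    awk -v users="$1" '
    BEGIN {
        n = split(users, pair, " ")
        for (i = 1; i <= n; i++) { split(pair[i], f, ":"); name[f[2]] = f[1] }
        split("--- --x -w- -wx r-- r-x rw- rwx", perm, " ")  # md 0..7
    }
    { gsub(/:/, ": ") }                  # so that "md:7" splits into two fields
    $1 == "uid:" && $3 == "gid:" && $5 == "md:" {
        if ($2 == -35) { free++; next }  # unused slot
        u = ($2 == -36) ? "%" : (($2 in name) ? name[$2] : "uid=" $2)
        g = ($4 == -36) ? "%" : "gid=" $4
        printf "%s.%s %s\n", u, g, perm[$6 + 1]
        used++
    }
    END { printf "used=%d free=%d\n", used, free }
    '
}

printf '%s\n' "$CI_LISTING" | decode_ci "$USERS"
```

On a live system the listing would come from the same fsdb command shown above, piped into decode_ci instead of being embedded in the script.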



HP-UX CSE(c) Official Study Guide and Desk Reference
Year: 2006
Pages: 434
