Re: Improve support for ACLs in coreutils (ls & chmod) following the Sol

coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Improve support for ACLs in coreutils (ls & chmod) following the Sol

From:	Pádraig Brady
Subject:	Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way
Date:	Mon, 16 Jan 2023 19:15:47 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Thunderbird/109.0

On 16/01/2023 15:03, Ondrej Valousek wrote:

Hi,

As per our conversation with Bruno I was thinking if it would make a sense to extend support of 
ACLs in gnulib/coreutils, mainly covering "ls" (1st stage) and "chmod" (2nd 
stage)  with the goal to have the ACLs better understandable for end users.

For "ls" we would:
- Introduce a new flag "-V" that would work like "-l" but also append text 
interpretation of ACLs as in Solaris, i.e.:
# ls -V
total 7
-rw-r--r--+  1 root     root           5 Jan  4 09:11 acl
             user:ondrej:rwx-----------:-------:allow
                  owner@:rw-p--aARWcCos:-------:allow
                  group@:r-----a-R-c--s:-------:allow
               everyone@:r-----a-R-c--s:-------:allow

For "chmod" we would add new option "A" that would allow modify ACEs like in 
Solaris:
# chmod A+user:marks:rw- file.1

Technical implementation:
- I'd like to support NFSv4 ACLs, but since we have no library for it, then we would need 
to provide some parsing code for it and stick in Gnulib - we have something in 
"file-has-acl.c" already and it would be a good starting point.
- file_has_acl() function would need to be modified slightly to return 2 in 
case NFSv4 acls were found (this is backward compatible).

For Posix acls we would use the existing libacl.

Is this something I would find support in both coreutils and Gnulib?
Thanks


Maybe, though I'm not convinced about adding to ls and chmod.
This would add lots more complexity for parsing ACLs on input and output.

Now saying that, there is some precedence with SELinux attributes
generally integrated through the -Z option.

For completeness, if "additional attributes" manipulation we have:

ACLS: {get,set}facl
Capabilities: {get,set}cap
SELinux: getfattr -m 'selinux' -d,chcon
xattrs: {get,set}fattr
linux extra attributes: {ls,ch}attr

So as we see there are lots of "additional attributes"
with dedicated programs to manipulate them.
What's the big advantage of merging with ls and chmod,
over the current situation of separate utilities?

Also there is the question of whether ACLs are always available.
ext4 or nfs could be mounted with noacl for example, or some file systems
may need acl support enabled with a mount option.

Personally I feel we're exposing lots of complexity here for not much gain.

thanks,
Pádraig

[Prev in Thread]

Current Thread

[Next in Thread]

Improve support for ACLs in coreutils (ls & chmod) following the Solaris way, Ondrej Valousek, 2023/01/16
- Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way, Bruno Haible, 2023/01/16
- Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way, Pádraig Brady <=
  - Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way, Bruno Haible, 2023/01/16

Prev by Date: Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way
Next by Date: Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way
Previous by thread: Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way
Next by thread: Re: Improve support for ACLs in coreutils (ls & chmod) following the Solaris way
Index(es):
- Date
- Thread