On Fri, Nov 08, 2002 at 11:17:39AM +0800, kai ouyang wrote:
Hi,
I am trying to understand the ACL implementation in FreeBSD-Current. I
have a question about ACL.
in acl.h, there are some acl_type_t value macro:
/*
* Possible valid values for acl_type_t arguments.
*/
#define ACL_TYPE_ACCESS 0x
#define ACL_TYPE_DEFAULT 0x0001
#define ACL_TYPE_AFS0x0002
#define ACL_TYPE_CODA 0x0003
#define ACL_TYPE_NTFS 0x0004
#define ACL_TYPE_NWFS 0x0005
But I am not sure what's means.
See the POSIX.1e draft[1] for detailed explanations. Basically we
support access ACL's on files and directories allowing discretionary
access control and default ACL's on directories which determine the
default access ACL's on any files and directories created below it.
in the 'setfacl' source, I found the usage:
If we want to control a directory,
acl[ACL_TYPE_DEFAULT] = acl_get_file(filename, ACL_TYPE_DEFAULT);
if we want to sontrol a file,
acl[DEFAULT_ACL] = NULL;
Why?
What's the difference among those macros?
Why must a directory object reserve two acl_t_structs, and a file only need
one?
Because directories may have both default and access ACL's whereas
files may only have access ACL's.
[1] http://wt.xpilot.org/publications/posix.1e/
--
Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]
FreeBSD: The Power To Serve - http://www.FreeBSD.org
msg46340/pgp0.pgp
Description: PGP signature
