Re: [zfs-discuss] Apache module for ZFS ACL based authorization

2008-09-11 Thread Nicolas Williams
On Wed, Sep 10, 2008 at 06:35:49PM -0700, Paul B. Henson wrote:
> I'd appreciate any feedback, particularly about things that don't work
> right :).

I bet you think it'd be nice if we had a public equivalent of
_getgroupsbymember()...

Even better if we just had utility functions to do ACL evaluation for
user-land apps.
___
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss


Re: [zfs-discuss] Apache module for ZFS ACL based authorization

2008-09-11 Thread Paul B. Henson
On Thu, 11 Sep 2008, Nicolas Williams wrote:

> I bet you think it'd be nice if we had a public equivalent of
> _getgroupsbymember()...

Indeed, that would be useful in numerous contexts. It would be even nicer
if the appropriate standards body added it alongside of the current
getgr* functions to make it generally available on all systems.

> Even better if we just had utility functions to do ACL evaluation for
> user-land apps.

I vaguely recall asking about that sometime recently :).


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768


Re: [zfs-discuss] Apache module for ZFS ACL based authorization

2008-09-11 Thread Nicolas Williams
On Thu, Sep 11, 2008 at 10:36:38AM -0700, Paul B. Henson wrote:
> On Thu, 11 Sep 2008, Nicolas Williams wrote:
>
> > I bet you think it'd be nice if we had a public equivalent of
> > _getgroupsbymember()...
>
> Indeed, that would be useful in numerous contexts. It would be even nicer
> if the appropriate standards body added it alongside of the current
> getgr* functions to make it generally available on all systems.

I'll ask around.  I really don't understand why _getgroupsbymember()
couldn't be made public.

> > Even better if we just had utility functions to do ACL evaluation for
> > user-land apps.
>
> I vaguely recall asking about that sometime recently :).

:)


[zfs-discuss] Apache module for ZFS ACL based authorization

2008-09-10 Thread Paul B. Henson

We are currently working on a Solaris/ZFS based central file system to
replace the DCE/DFS-based implementation we have had in place for over 10
years. One of the features of our previous implementation was that access
to files regardless of method (CIFS, AFP, HTTP, FTP, etc) was completely
controlled by the DFS ACL. Our ZFS implementation will be available by
NFSv4 and CIFS, both of which respect the ACL. To provide ZFS ACL-based
authorization to files via HTTP, I put together a small Apache module. The
module allows for files to be either delivered without authentication
required (if they are world readable) or requires authentication and
restricts file delivery to users with access based on the ACL.

If anyone is interested in taking a look at it, it is available from:

http://www.csupomona.edu/~henson/www/projects/mod_authz_fsacl/dist/mod_authz_fsacl-0.10.tar.gz


I'd appreciate any feedback, particularly about things that don't work
right :).


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768
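
Added example (not part of the original post and not code from mod_authz_fsacl): a self-contained C model of the two-stage decision the announcement describes, serving world-readable files without authentication and otherwise evaluating the ACL for the authenticated user. It assumes a simplified NFSv4-style ACL held in plain structs rather than the Solaris ACL API, an anonymous requester that matches only `everyone@` entries, and a group list supplied by the caller; every type, function and sample name is hypothetical.

```c
#include <stddef.h>
#include <string.h>
/* Simplified NFSv4-style ACL model; every name here is hypothetical. */
enum ace_type { ALLOW, DENY };
enum ace_who  { OWNER, GROUP, EVERYONE, USER, NAMED_GROUP };
enum decision { SERVE, REQUIRE_AUTH, FORBID };
#define READ_DATA 0x1u
struct ace  { enum ace_type type; enum ace_who who; const char *name; unsigned mask; };
struct file { const char *owner, *group; const struct ace *acl; size_t n; };
struct req  { const char *user; const char *const *groups; size_t ngroups; };

static int in_group(const struct req *r, const char *g) {
    for (size_t i = 0; i < r->ngroups; i++)
        if (strcmp(r->groups[i], g) == 0) return 1;
    return 0;
}

static int ace_matches(const struct ace *a, const struct file *f, const struct req *r) {
    if (a->who == EVERYONE) return 1;
    if (r->user == NULL) return 0;              /* anonymous: everyone@ only */
    if (a->who == OWNER) return strcmp(r->user, f->owner) == 0;
    if (a->who == GROUP) return in_group(r, f->group);
    if (a->who == USER)  return strcmp(r->user, a->name) == 0;
    return in_group(r, a->name);                /* NAMED_GROUP */
}

/* Walk ACEs in order; the first matching ACE naming a bit decides it. */
int acl_allows(const struct file *f, const struct req *r, unsigned want) {
    unsigned allowed = 0;
    for (size_t i = 0; i < f->n; i++) {
        const struct ace *a = &f->acl[i];
        if (!ace_matches(a, f, r)) continue;
        if (a->type == DENY && (a->mask & want & ~allowed)) return 0;
        if (a->type == ALLOW) allowed |= a->mask;
        if ((allowed & want) == want) return 1;
    }
    return 0;                                   /* undecided bits are denied */
}

enum decision authorize(const struct file *f, const struct req *r) {
    const struct req anon = { NULL, NULL, 0 };
    if (acl_allows(f, &anon, READ_DATA)) return SERVE;     /* world readable */
    if (r == NULL || r->user == NULL) return REQUIRE_AUTH; /* ask for credentials */
    return acl_allows(f, r, READ_DATA) ? SERVE : FORBID;
}
/* Constructed sample data: one private file, one world-readable file. */
static const struct ace acl_private[] = {
    { DENY, USER, "carol", READ_DATA }, { ALLOW, NAMED_GROUP, "staff", READ_DATA } };
static const struct ace acl_public[] = { { ALLOW, EVERYONE, NULL, READ_DATA } };
const struct file f_private = { "alice", "faculty", acl_private, 2 };
const struct file f_public  = { "alice", "faculty", acl_public, 1 };
static const char *const staff[] = { "staff" };
const struct req bob = { "bob", staff, 1 }, carol = { "carol", staff, 1 };
```

In the sample data both users belong to `staff`, but `carol` is refused because her deny entry precedes the group's allow entry, which is why entry order has to be preserved when an ACL is evaluated outside the kernel.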