Re: setfacl Recursive Functionality

From: Shawn Webb <lattera_at_gmail.com>
Date: Thu, 10 Feb 2011 09:36:34 -0700
Attached is a new patch using the acl(3) API for removing invalid
inheritance. Unless there are other suggestions, I'll likely submit this
upstream. I didn't implement the -P flag since that's the default behavior.

Thanks,

Shawn

On Wed, Feb 9, 2011 at 2:10 PM, Shawn Webb <lattera_at_gmail.com> wrote:

> Included in the attached patch is the refactor using fts(3) and with the -L
> and -H options. I'm still looking for feedback and suggestions on how to
> improve the patch. I'll also port these changes over to my getfacl patch.
>
> If anyone's interested in following up-to-date development of the patch,
> the link to it on github is
> https://github.com/lattera/patches/blob/master/freebsd/setfacl_recursive.patch
>
> I'd like to take the time to address why I created the
> remove_invalid_inherit function since I got a private email asking why it
> existed. Other than symbolic links, non-directory entries cannot have
> inheritance set. That function prevents attempting to set inheritance flags
> on non-directory entries when doing a recursive call. That way, you can run
> `setfacl -R -m user:<user>:read_data:file_inherit/dir_inherit:allow
> <directory>` and not run into errors.
>
> Thanks,
>
> Shawn
>
>
> On Tue, Feb 8, 2011 at 7:51 PM, Shawn Webb <lattera_at_gmail.com> wrote:
>
>> On Tue, Feb 8, 2011 at 7:35 PM, Tim Kientzle <tim_at_kientzle.com> wrote:
>>
>>> On Feb 8, 2011, at 9:58 AM, Shawn Webb wrote:
>>> > I've just finished a patch to add recursive functionality to setfacl.
>>> Before
>>> > I officially submit it, I'd like a few suggestions on how to improve
>>> the
>>> > patch.
>>> >
>>> > The part I'm worried about involves the #define directive at top. I'm
>>> not
>>> > sure what ramifications using that define might have. I needed it for
>>> my
>>> > remove_invalid_inherit() function to work.
>>>
>>> You should certainly not need
>>>   #define _ACL_PRIVATE
>>> for any user-space utilities.  What exactly is the
>>> problem without that?
>>>
>>> Your approach to directory walking here
>>> is a little simplistic.  In particular, you're storing
>>> every filename for the entire tree in memory,
>>> which is a problem for large filesystems.
>>>
>>> It would be much better to refactor the code so that
>>> the actual ACL update was in a function and then
>>> recurse_directory should call that function for
>>> each filename as it visited it.  That will reduce
>>> the memory requirements significantly.
>>>
>>> You should also take a look at fts(3).  In particular,
>>> you'll want to implement the BSD-standard
>>> -L/-P/-H options, and fts(3) makes that much easier.
>>> (-L always follows symlinks, -P never follows symlinks,
>>> -H follows symlinks on the command line).
>>>
>>> Tim
>>>
>>>
>> Great suggestions. I'll definitely look at implementing that
>> functionality.
>>
>> As a side note, it looks like my setfacl patch segfaults on
>> freebsd-current r218075 with the zpool v28 patchset applied. I wrote it on
>> freebsd 8.2-RC3 with zpool v15.
>>
>> Thanks,
>>
>> Shawn
>>
>
>

Received on Thu Feb 10 2011 - 15:36:37 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:11 UTC