URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID10
Thread number: 2974

Original message
"Is there a limit on the number of ACL objects in FreeBSD 6.1"

Posted by kub, 19-Oct-06 16:26
I ran into the following problem:
I cannot add access to a directory for one more user.
>getfacl /samba/mnt/share/omon                                              17:14
#file:/samba/mnt/share/omon
#owner:1126
#group:513
user::rwx
user:w0002:rwx
user:w0003:rwx
user:w0009:rwx
user:w0011:rwx
user:w0016:rwx
user:w0025:rwx
user:w0026:rwx
user:w0090:rwx
user:w0098:rwx
user:w0102:rwx
user:w0108:rwx
user:w0111:rwx
user:w0117:rwx
user:w0125:rwx
user:w0138:rwx
user:w0139:rwx
user:w0140:rwx
user:w0141:rwx
user:w0143:rwx
user:w0146:rwx
user:w0158:rwx
user:w0159:rwx
user:w0161:rwx
user:w0167:rwx
user:w0169:rwx
user:w0171:rwx
user:w0182:rwx
group::---
group:Domain Admins:rwx
mask::rwx
other::---

Adding access for a new user:
root[/etc/script]#>setfacl -m u:w0189:rwx /samba/mnt/share/omon
setfacl runs "cleanly", without errors.
Checking whether the permissions were added?!
root[/etc/script]#>getfacl /samba/mnt/share/omon                                              
#file:/samba/mnt/share/omon
##owner:1126
##group:513
user::rwx
user:w0002:rwx
user:w0003:rwx
user:w0009:rwx
user:w0011:rwx
user:w0016:rwx
user:w0025:rwx
user:w0026:rwx
user:w0090:rwx
user:w0098:rwx
user:w0102:rwx
user:w0108:rwx
user:w0111:rwx
user:w0117:rwx
user:w0125:rwx
user:w0138:rwx
user:w0139:rwx
user:w0140:rwx
user:w0141:rwx
user:w0143:rwx
user:w0146:rwx
user:w0158:rwx
user:w0159:rwx
user:w0161:rwx
user:w0167:rwx
user:w0169:rwx
user:w0171:rwx
user:w0182:rwx
group::---
group:Domain Admins:rwx
mask::rwx
other::---

Nothing :(
Just in case, I check (maybe it simply isn't displayed):
root[/etc/script]#>su w0189                                                                  
[/etc/script]%>ll /samba/mnt/share/omon                                                      
total 0
ls: omon: Permission denied

No comment.
So, accordingly, the question: is there a limit on the number of ACL objects on a UFS2 filesystem,
and can it be worked around somehow?!


Messages in this thread
"Is there a limit on the number of ACL objects in FreeBSD 6.1"
Posted by kub, 23-Oct-06 09:33
I'll answer my own question.
In the sources, in
/usr/src/sys/sys/acl.h
there is this parameter:
#define    ACL_MAX_ENTRIES 32 /* maximum entries in an ACL */
This parameter is exactly what limits the number of ACLs.
I tried changing this parameter to a value greater than 32; rebuilding the kernel and the system led to "permission denied" on all folders with ACLs.

Also, I found a discussion of this question from as far back as 2003!!
In short, someday this will happen! :)
> On Wed, 5 Mar 2003, Skye Poier wrote:

> Whoa the list lives :)
> I have a question too, in struct acl:
>
> struct acl {
>         int acl_cnt;
>         struct acl_entry acl_entry[ACL_MAX_ENTRIES];
> };
>
>
> How/why was 32 chosen for ACL_MAX_ENTRIES? Is it a limitation of UFS
> ext attrs?

32 was selected as a reasonable-looking number. I don't remember
off-hand, but I seem to recall IRIX uses 16 or 32. The justification for
a fixed bound was that originally, UFS ACLs had to have a fixed,
documented maximum size. They can now be substantially larger, and I have
been thinking about modifying the kernel code to support variable length
ACLs using an ACL pointing to an array of ACL Entries rather than
including the array. However, this will require a bit of work, and
require us to be careful about ABI issues.

> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert (at) fledge.watson (dot) org
> Network Associates Laboratories
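
Added example (not part of the thread): the listing in the first post has exactly 32 entries (27 named users plus user::, group::, the named group, mask:: and other::), which equals the ACL_MAX_ENTRIES value quoted above. The sketch below counts entries in getfacl output and verifies an addition instead of relying on setfacl's exit status; the function names, the wrapper and the generated sample ACL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Limit taken from the acl.h line quoted above.
ACL_MAX_ENTRIES=32

# Count ACL entries in getfacl-style text on stdin; '#' comment lines and
# blank lines are not entries.
acl_entry_count() {
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' || true
}

# Succeed if stdin contains exactly this entry line, e.g. "user:w0189:rwx".
acl_has_entry() {
    grep -F -x -q -- "$1"
}

# Print how many more entries fit under the limit (0 when full).
acl_headroom() {
    n=$(acl_entry_count)
    if [ "$n" -ge "$ACL_MAX_ENTRIES" ]; then echo 0; else echo $((ACL_MAX_ENTRIES - n)); fi
}

# Hypothetical wrapper: add a NEW entry and confirm it is really present,
# rather than trusting setfacl's exit status. Needs getfacl/setfacl on the host.
acl_add_checked() {  # usage: acl_add_checked user:w0189:rwx /path
    if [ "$(getfacl "$2" | acl_headroom)" -eq 0 ]; then
        echo "refusing: $2 already holds $ACL_MAX_ENTRIES ACL entries" >&2
        return 2
    fi
    setfacl -m "$1" "$2" || return 1
    getfacl "$2" | acl_has_entry "$1" && return 0
    echo "entry $1 not present on $2 after setfacl" >&2
    return 3
}

# Constructed sample in the shape of the listing above: $1 named users plus
# user::, group::, one named group, mask:: and other::.
sample_acl() {
    echo '#file:/samba/mnt/share/omon'
    echo 'user::rwx'
    i=1
    while [ "$i" -le "$1" ]; do
        printf 'user:w%04d:rwx\n' "$i"
        i=$((i + 1))
    done
    printf '%s\n' 'group::---' 'group:Domain Admins:rwx' 'mask::rwx' 'other::---'
}

# 27 named users + 5 other entries = 32, so no headroom is left.
echo "entries: $(sample_acl 27 | acl_entry_count), headroom: $(sample_acl 27 | acl_headroom)"
```

acl_add_checked treats its argument as a new entry; when only changing the permissions of a user already in the ACL, the headroom check does not apply.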