HP-UX CSE(c) Official Study Guide and Desk Reference

     

Access Control Lists (ACLs) allow us to give individual users their own read, write, and execute permissions on individual files and directories. HFS has supported ACLs since its inception, and they are managed by the commands lsacl and chacl. We will take our 1G.file created earlier and apply ACLs to it for a couple of users: fred and barney:

root@hpeos003[test] pwget -n barney
barney:acGNA0B.QxKYI:110:20::/home/barney:/sbin/sh
root@hpeos003[test] pwget -n fred
fred:rK23oXbRNKgAo:109:20::/home/fred:/sbin/sh
root@hpeos003[test] lsacl -l 1GB.file
1GB.file:
rw- root.%
rw- %.sys
rw- %.%
root@hpeos003[test] chacl '(fred.%, rwx)' 1GB.file
root@hpeos003[test] lsacl -l 1GB.file
1GB.file:
rw- root.%
rwx fred.%
rw- %.sys
rw- %.%
root@hpeos003[test]
root@hpeos003[test] chacl '(barney.%, ---)' 1GB.file
root@hpeos003[test] lsacl -l 1GB.file
1GB.file:
rw- root.%
rwx fred.%
--- barney.%
rw- %.sys
rw- %.%
root@hpeos003[test]

We can see that fred has read, write, and execute, while barney has no access.

Interestingly, HFS stores ACLs in a structure known as a continuation inode (see the ci field in the inode). Simply put, this is an additional inode used by file 1G.file to store the additional ACL entries. We can see this with fsdb:

root@hpeos003[test] echo "4i" | fsdb -F hfs /dev/vx/rdsk/ora1/archive
file system size = 524288(frags) isize/cyl group=64(Kbyte blocks)
primary block size=65536(bytes)
fragment size=8192
no. of cyl groups = 421
i#:4 md: f---rw-rw-rw- ln: 1 uid: 0 gid: 3 sz: 1073741824 ci:6
a0 : 72 a1 : 80 a2 : 88 a3 : 96 a4 : 104 a5 : 112
a6 : 120 a7 : 128 a8 : 136 a9 : 144 a10: 152 a11: 160
a12: 1256 a13: 0 a14: 0
at: Thu Nov 13 00:21:54 2003
mt: Thu Nov 13 00:22:32 2003
ct: Thu Nov 13 00:53:21 2003
root@hpeos003[test] echo "6i" | fsdb -F hfs /dev/vx/rdsk/ora1/archive
file system size = 524288(frags) isize/cyl group=64(Kbyte blocks)
primary block size=65536(bytes)
fragment size=8192
no. of cyl groups = 421
i#:6 md: C------------ ln: 1
uid: 109 gid: -36 md:7
uid: 110 gid: -36 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
uid: -35 gid: -35 md:0
root@hpeos003[test]

In addition to the base ACL entries stored in the primary inode, HFS allows 13 additional ACLs per file and/or directory. If we are considering widely using HFS ACLs, it may have an impact on the density of inodes that we create at newfs time.
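As an added example (not from the book), the Python below decodes the fsdb dump of a continuation inode into lsacl-style entries and counts the free optional slots, which is handy when auditing ACLs from a file system where only fsdb output is at hand. Reading -36 as the % wildcard and -35 as an empty slot is inferred from the session above; the function names and the uid-to-name table are this example's own.

```python
import re

WILDCARD = -36      # inferred from the page: shown where lsacl prints "%"
UNUSED = -35        # inferred from the page: fills the slots holding no entry
MAX_OPTIONAL = 13   # optional entries per file, as stated on the page

# The i#:6 dump from the session above (fsdb's file system header omitted).
SAMPLE = (
    "i#:6 md: C------------ ln: 1\n"
    "uid: 109 gid: -36 md:7\n"
    "uid: 110 gid: -36 md:0\n"
    + "uid: -35 gid: -35 md:0\n" * 11
)
USERS = {109: "fred", 110: "barney"}   # from the pwget output above

SLOT = re.compile(r"uid:\s*(-?\d+)\s+gid:\s*(-?\d+)\s+md:\s*([0-7])\b")


def mode_string(md):
    """Render a 3-bit mode the way lsacl does, e.g. 7 -> 'rwx'."""
    return "".join(c if md & bit else "-" for c, bit in zip("rwx", (4, 2, 1)))


def name(value, table):
    """Map an id to '%' (wildcard), a known name, or the raw number."""
    return "%" if value == WILDCARD else table.get(value, str(value))


def decode(dump, users=None, groups=None):
    """Return ([(mode, 'user.group'), ...], free_slots) for one dump."""
    if not re.search(r"md:\s*C", dump):
        raise ValueError("not a continuation inode: md field lacks the C type")
    slots = [tuple(map(int, m)) for m in SLOT.findall(dump)]
    if len(slots) != MAX_OPTIONAL:
        raise ValueError(f"expected {MAX_OPTIONAL} slots, found {len(slots)}")
    used = [s for s in slots if (s[0], s[1]) != (UNUSED, UNUSED)]
    entries = [(mode_string(md), f"{name(u, users or {})}.{name(g, groups or {})}")
               for u, g, md in used]
    return entries, MAX_OPTIONAL - len(used)


if __name__ == "__main__":
    entries, free = decode(SAMPLE, USERS)
    for mode, who in entries:
        print(mode, who)
    print(f"{free} of {MAX_OPTIONAL} optional slots free")
```
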
