On Tue, 9 Dec 1997, Peter J. Braam wrote:

> Hi Alexander,
>
> Whoops, I think nobody is looking much at that list. I suppose I should
> subscribe myself.
>
> We definitely have ACL's. We have some extra attributes in our "cnodes"
> which we currently don't exploit (I believe author and data version are
> there). We deal differently with atime, mtime, ctime than local
> filesystems for efficiency. Due to replication of volumes we carry a lot
> of stuff around that is used internally: so called version vectors count
> the number of updates at each replication server, to keep replicas in
> sync.
>
>
> I don't know what "MAC" and information labels are.
>

They are 32-64 bit integers that indicate the sensitivity of the data. Information labels label the information. However they are not that important since nobody is currently implementing them for Linux.

However, capabilities are important since they are already implemented (if not in the main kernel). Capabilities are 64-128 bit of information attached to executables saying what "super-user" privileges it is allowed to exercise. I think this can be implemented as an ACL with a special tag, but if you have some spare space you could think about reserving it for capabilities. Capabilities is a method where the super-user privileges are divided into lots of different "capabilities" such as the capability that lets a process set the time, the capability that lets a process bind to a reserved port etc. There are currently about 65 capabilities in the Linux capabilities implementation.

It would be nice if CODA could support some of the extended attributes that NFS can't.

astor

--
Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
http://www.guardian.no/

Received on 1997-12-10 10:15:56