1$FreeBSD$ 2 3 UFS Access Control Lists Copyright 4 5The UFS Access Control Lists implementation is copyright Robert Watson, 6and is made available under a Berkeley-style license. 7 8 About UFS Access Control Lists (ACLs) 9 10Access control lists allow the association of fine-grained discretionary 11access control information with files and directories, extending the 12base UNIX permission model in a (mostly) compatible way. This 13implementation largely follows the POSIX.1e model, and relies on the 14availability of extended attributes to store extended components of 15the ACL, while maintaining the base permission information in the inode. 16 17 Using UFS Access Control Lists (ACLs) 18 19Support for UFS access control lists may be enabled by adding: 20 21 options UFS_ACL 22 23to your kernel configuration. As ACLs rely on the availability of extended 24attributes, your file systems must have support for extended attributes. 25For UFS2, this is supported natively, so no further configuration is 26necessary. For UFS1, you must also enable the optional extended attributes 27support documented in README.extattr. A summary of the instructions 28and ACL-specific information follows. 29 30To enable support for ACLs on a file system, the 'acls' mount flag 31must be set for the file system. This may be set using the tunefs 32'-a' flag: 33 34 tunefs -a enable /dev/md0a 35 36Or by using the mount-time flag: 37 38 mount -o acls /dev/md0a /mnt 39 40The flag may also be set in /etc/fstab. Note that mounting a file 41system previously configured for ACLs without ACL-support will result 42in incorrect application of discretionary protections. Likewise, 43mounting an ACL-enabled file system without kernel support for ACLs 44will result in incorrect application of discretionary protections. If 45the kernel is not configured for ACL support, a warning will be 46printed by the kernel at mount-time. For reliability purposes, it 47is recommended that the superblock flag be used instead of the 48mount-time flag, as this will avoid re-mount isses with the root file 49system. For reliability and performance reasons, the use of ACLs on 50UFS1 is discouraged; UFS2 extended attributes provide a more reliable 51storage mechanism for ACLs. 52 53Currently, support for ACLs on UFS1 requires the use of UFS1 EAs, which may 54be enabled by adding: 55 56 options UFS_EXTATTR 57 58to your kernel configuration file and rebuilding. Because of filesystem 59mount atomicity requirements, it is also recommended that: 60 61 options UFS_EXTATTR_AUTOSTART 62 63be added to the kernel so as to support the atomic enabling of the 64required extended attributes with the filesystem mount operation. To 65enable ACLs, two extended attributes must be available in the 66EXTATTR_NAMESPACE_SYSTEM namespace: "posix1e.acl_access", which holds 67the access ACL, and "posix1e.acl_default" which holds the default ACL 68for directories. If you're using UFS1 Extended Attributes, the following 69commands may be used to create the necessary EA backing files for 70ACLs in the filesystem root of each filesystem. In these examples, 71the root filesystem is used; see README.extattr for more details. 72 73 mkdir -p /.attribute/system 74 cd /.attribute/system 75 extattrctl initattr -p / 388 posix1e.acl_access 76 extattrctl initattr -p / 388 posix1e.acl_default 77 78On the next mount of the root filesystem, the attributes will be 79automatically started, and ACLs will be enabled. 80