175134Srwatson$FreeBSD$ 275134Srwatson 375134Srwatson UFS Access Control Lists Copyright 475134Srwatson 575134SrwatsonThe UFS Access Control Lists implementation is copyright Robert Watson, 675134Srwatsonand is made available under a Berkeley-style license. 775134Srwatson 875138Srwatson About UFS Access Control Lists (ACLs) 975134Srwatson 1075134SrwatsonAccess control lists allow the association of fine-grained discretionary 1175134Srwatsonaccess control information with files and directories, extending the 1275134Srwatsonbase UNIX permission model in a (mostly) compatible way. This 1375134Srwatsonimplementation largely follows the POSIX.1e model, and relies on the 1475134Srwatsonavailability of extended attributes to store extended components of 1575134Srwatsonthe ACL, while maintaining the base permission information in the inode. 1675134Srwatson 1775138Srwatson Using UFS Access Control Lists (ACLs) 1875134Srwatson 1975134SrwatsonSupport for UFS access control lists may be enabled by adding: 2075134Srwatson 2175134Srwatson options UFS_ACL 2275134Srwatson 2375134Srwatsonto your kernel configuration. As ACLs rely on the availability of extended 24105416Srwatsonattributes, your file systems must have support for extended attributes. 25105416SrwatsonFor UFS2, this is supported natively, so no further configuration is 26105416Srwatsonnecessary. For UFS1, you must also enable the optional extended attributes 27105416Srwatsonsupport documented in README.extattr. A summary of the instructions 28105416Srwatsonand ACL-specific information follows. 2975134Srwatson 30105416SrwatsonTo enable support for ACLs on a file system, the 'acls' mount flag 31105416Srwatsonmust be set for the file system. This may be set using the tunefs 32105416Srwatson'-a' flag: 33105416Srwatson 34105416Srwatson tunefs -a enable /dev/md0a 35105416Srwatson 36105416SrwatsonOr by using the mount-time flag: 37105416Srwatson 38105416Srwatson mount -o acls /dev/md0a /mnt 39105416Srwatson 40105416SrwatsonThe flag may also be set in /etc/fstab. Note that mounting a file 41105416Srwatsonsystem previously configured for ACLs without ACL-support will result 42105416Srwatsonin incorrect application of discretionary protections. Likewise, 43105416Srwatsonmounting an ACL-enabled file system without kernel support for ACLs 44105416Srwatsonwill result in incorrect application of discretionary protections. If 45105416Srwatsonthe kernel is not configured for ACL support, a warning will be 46105416Srwatsonprinted by the kernel at mount-time. For reliability purposes, it 47105416Srwatsonis recommended that the superblock flag be used instead of the 48105416Srwatsonmount-time flag, as this will avoid re-mount isses with the root file 49105416Srwatsonsystem. For reliability and performance reasons, the use of ACLs on 50105416SrwatsonUFS1 is discouraged; UFS2 extended attributes provide a more reliable 51105416Srwatsonstorage mechanism for ACLs. 52105416Srwatson 53105456SrwatsonCurrently, support for ACLs on UFS1 requires the use of UFS1 EAs, which may 54105416Srwatsonbe enabled by adding: 55105416Srwatson 5675134Srwatson options UFS_EXTATTR 5775134Srwatson 58105416Srwatsonto your kernel configuration file and rebuilding. Because of filesystem 59105416Srwatsonmount atomicity requirements, it is also recommended that: 6075134Srwatson 6175134Srwatson options UFS_EXTATTR_AUTOSTART 6275134Srwatson 6375134Srwatsonbe added to the kernel so as to support the atomic enabling of the 6496755Strhodesrequired extended attributes with the filesystem mount operation. To 6575134Srwatsonenable ACLs, two extended attributes must be available in the 6675134SrwatsonEXTATTR_NAMESPACE_SYSTEM namespace: "posix1e.acl_access", which holds 6775134Srwatsonthe access ACL, and "posix1e.acl_default" which holds the default ACL 68105456Srwatsonfor directories. If you're using UFS1 Extended Attributes, the following 6975134Srwatsoncommands may be used to create the necessary EA backing files for 7096755StrhodesACLs in the filesystem root of each filesystem. In these examples, 7196755Strhodesthe root filesystem is used; see README.extattr for more details. 7275134Srwatson 7387133Srwatson mkdir -p /.attribute/system 7475134Srwatson cd /.attribute/system 7575134Srwatson extattrctl initattr -p / 388 posix1e.acl_access 7675134Srwatson extattrctl initattr -p / 388 posix1e.acl_default 7775134Srwatson 7896755StrhodesOn the next mount of the root filesystem, the attributes will be 7975134Srwatsonautomatically started, and ACLs will be enabled. 80