Re: (reiserfs) Re: NFSv4 ACLs (was: ...ACL's and reiser...)

Xuan Baldauf (xuan--reiserfs@baldauf.org)
Sun, 06 Aug 2000 15:52:19 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: can't mlockall() more than 128MB, is this a kernel limitiation ?"
Previous message: Russell King: "Re: IDE driver porting problems"

Hans Reiser wrote:

> Xuan Baldauf wrote:
> >
> > It sounds sophisticated, but you know what is happening if you want to change
> > access of some crowded directory (like "/usr", or "/home" on some systems)?
> > Every ACL of every file within this directory gets updated...
> >
> > Does nobody consider dynamic inheritance? Because when accessing a file, as
> > access of every path component needs to be checked anyway, dynamic inheritance
> > should not pose significant overhead, but is a LOT faster for updating, and
> > probably smarter regarding disk space. The default ACL for a file would be
> > "inherit all rights from parent", and for files with link count = 1, this ACL
> > metadata can be left out entirely (because it's the suggested default.)
> > (Leaving out the ACL metadata, may result in omitting checking for access,
> > probably making dynamic inheritance faster than static inheritance.)
> >
> > What do you think?
> We agree, and just wait for the code to get written.
>
> Hans

Tytso does not like the idea. And after some thinking about the issue, I can
understand him. It is because
(1) resolving from the bottom to the top might be more costly than static ACLs if no
path component checking is needed anymore (path component checking is UNIX's
Achilles Heel compared to NT) and
(2) there is no definite parent for files with n_link>1

But:

(2) can be resolved by explicitly defining the parent or by setting the ACL in the
directory entry rather than in stat_data

(1) can be circumvented by having a (persistent) ACL change cache in reiserfs. When
accessing a file, the cache (usually empty) is checked against wether the entry in
the cache applies to a particular file. If the cache entries do not apply to the
file, the files ACL is checked. This way you can always have inheriting ACLs, make
ACL changes of millions of files atomic. (Changes place an entry in the cache, and a
background thread changes the resolved ACL entries in every file.)

Xuân. :o)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: can't mlockall() more than 128MB, is this a kernel limitiation ?"
Previous message: Russell King: "Re: IDE driver porting problems"