[Acl-Devel] access control for networked file server

Fantoosh B fantooshb at gmail.com
Sun Jun 3 22:51:02 CEST 2007


Dear all,

I am writing a user-level networked file system with a user-level networked
file server. My server simply receives requests from its clients over TCP
and performs the necessary requested operations on the files stored locally
at the server. Right now the server is not run as root, but it can be, if
necessary.

I want to add support for POSIX ACLs to the server and I am not able to
figure out what would be the best way to do it. I need some advice on this.

I was thinking of using one of the two options:

1) Since the server is running at user-level, let the underlying file system
take care of the access control. I am using reiserfs as the underlying file
system, which supports POSIX ACLs. But the problem is the following: while
performing file system operations (such as read, write, open etc) how can
the file server supply to the underlying OS/FS the userid and groupid of the
user that is requesting the operation? Because the userid and groupid of the
requester should be used to check acls and not the effective userid and
groupid of my file server process. Is it possible to tell the underlying
fs/os to use a particular <userid, groupid> rather than the one used by the
server?


2) If the file server cannot specify the <userid, groupid> for every file
system call, then I can do the following: I can create a userid and groupid
that will be the effective userid and groupid of the file server. All files
created on the server will always have ACL_USER_OBJ and ACL_GROUP_OBJ set to
this userid and groupid. This userid and groupid will have full permissions
on the files, but only the file server will be able to use these ids. Thus,
when the underlying OS/FS checks the ACL, the permissions will always be
granted.

Now, to check/set users' access permissions, my file server will use the
functions described in acl(5) to manipulate ACLs. The file server will check
if the user has appropriate permissions, and if yes perform the
read/write/open system calls during which the OS/FS will use the <userid,
groupid> of the file server which has full permissions.

Thus, there will be two levels of ACLs: one with the default userid and groupid
will be used to make sure that the OS grants the file server all rights for
the files *created* at the server, and the second level is the ACLs
maintained by my file server, which will be used by the file server to check
whether the requester has the necessary permissions.

Can anyone please suggest whether the first approach is feasible and whether
the second approach is sensible or not? Your help will be greatly
appreciated.

Thanks.

-- Fantoosh
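Added example (editor's code, not from the original post or the acl project): the decision step that approach 2 needs, i.e. the server checks the requester against the per-file ACL it maintains and only then does the open/read/write with its own ids. It implements the POSIX.1e access-check algorithm over the short text form that getfacl and acl_to_text(3) emit ("u::rw-,u:1001:rw-,g::r--,m::r-x,o::---"), so it runs without linking libacl. Assumptions: qualifiers are numeric uids/gids; the file's owner uid and owning gid are passed in separately because they live in the inode (stat(2)), not in the ACL; the SAMPLE_ACL and all ids are constructed for illustration.

```c
/* Added example, not code from the original post: the server-side check a
 * file server following approach 2 would run before doing the I/O itself.
 * Implements the POSIX.1e ACL access-check algorithm over the short text
 * form produced by getfacl / acl_to_text(3).  Assumptions: numeric uid/gid
 * qualifiers; the file's owner uid and owning gid are supplied by the caller
 * (they come from the inode, not from the ACL). */
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define P_READ  4
#define P_WRITE 2
#define P_EXEC  1

/* Constructed sample ACL: owner rw, user 1001 rw, owning group r, group 200
 * rwx, mask r-x (caps named users and every group entry), nothing for other */
#define SAMPLE_ACL "u::rw-,u:1001:rw-,g::r--,g:200:rwx,m::r-x,o::---"

enum tag { T_USER_OBJ, T_USER, T_GROUP_OBJ, T_GROUP, T_MASK, T_OTHER };
struct entry { enum tag tag; unsigned id; int perms; };

/* "rwx" / "r-x" / "---" -> bitmask, or -1 on an unknown character */
static int parse_perms(const char *s)
{
    int p = 0;
    for (; *s; s++) {
        if (*s == 'r') p |= P_READ;
        else if (*s == 'w') p |= P_WRITE;
        else if (*s == 'x') p |= P_EXEC;
        else if (*s != '-') return -1;
    }
    return p;
}

/* "tag:qualifier:perms,..." -> out[]; returns entry count, or -1 on error */
static int parse_acl(const char *text, struct entry *out, int max)
{
    char buf[256];
    int n = 0;
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        char *q = strchr(tok, ':'), *p = q ? strchr(q + 1, ':') : NULL;
        if (!p || n >= max) return -1;
        *q++ = '\0';                 /* tok = tag, q = qualifier, p = perms */
        *p++ = '\0';
        struct entry *e = &out[n++];
        e->id = (unsigned)strtoul(q, NULL, 10);
        if ((e->perms = parse_perms(p)) < 0) return -1;
        if (!strcmp(tok, "u") || !strcmp(tok, "user"))
            e->tag = *q ? T_USER : T_USER_OBJ;
        else if (!strcmp(tok, "g") || !strcmp(tok, "group"))
            e->tag = *q ? T_GROUP : T_GROUP_OBJ;
        else if (!strcmp(tok, "m") || !strcmp(tok, "mask")) e->tag = T_MASK;
        else if (!strcmp(tok, "o") || !strcmp(tok, "other")) e->tag = T_OTHER;
        else return -1;
    }
    return n;
}

static int in_groups(const gid_t *g, int n, gid_t gid)
{
    for (int i = 0; i < n; i++) if (g[i] == gid) return 1;
    return 0;
}

/* 1 if uid, whose primary and supplementary gids are groups[0..ngroups),
 * holds every permission in want; 0 otherwise, including for a bad ACL.
 * Order: owner; then a named user; then owning group and named groups
 * together (any matching group entry that grants wins, otherwise deny
 * without falling through to other); then other.  The mask caps every
 * entry except the owner and other entries. */
int acl_permits(const char *acl_text, uid_t owner, gid_t owner_gid,
                uid_t uid, const gid_t *groups, int ngroups, int want)
{
    struct entry e[64];
    const struct entry *uobj = NULL, *oth = NULL;
    int n = parse_acl(acl_text, e, 64), mask = P_READ | P_WRITE | P_EXEC;
    if (n < 0) return 0;                               /* fail closed */
    for (int i = 0; i < n; i++) {
        if (e[i].tag == T_MASK) mask = e[i].perms;
        if (e[i].tag == T_USER_OBJ) uobj = &e[i];
        if (e[i].tag == T_OTHER) oth = &e[i];
    }
    if (!uobj || !oth) return 0;                       /* not a valid ACL */
    if (uid == owner) return (uobj->perms & want) == want;
    for (int i = 0; i < n; i++)
        if (e[i].tag == T_USER && e[i].id == uid)
            return (e[i].perms & mask & want) == want;
    int matched = 0;
    for (int i = 0; i < n; i++) {
        int hit = (e[i].tag == T_GROUP_OBJ && in_groups(groups, ngroups, owner_gid))
               || (e[i].tag == T_GROUP && in_groups(groups, ngroups, e[i].id));
        if (!hit) continue;
        matched = 1;
        if ((e[i].perms & mask & want) == want) return 1;
    }
    if (matched) return 0;
    return (oth->perms & want) == want;
}
```

To try it, add a main that calls acl_permits(SAMPLE_ACL, 1000, 100, 1003, (gid_t[]){200}, 1, P_EXEC): it returns 1 because the g:200:rwx entry grants execute, while the same call with P_WRITE returns 0 because the m::r-x entry caps named-group entries. Two points the server side has to get right are visible in the code: an unparsable or incomplete ACL is denied rather than treated as empty, and a requester who matches a named user entry is decided by that entry alone, even if one of his groups would have granted more.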