RichACL & Gluster
Rajesh Joseph
GlusterFS Dev Team
05/22/15
AGENDA
● Unix Permission Model
● POSIX.1e ACL
● Windows ACL
● NFSv4 ACL
● RichACL
● Gluster & RichACL
● Q&A
Unix Permission Model
● Standardized in POSIX.1
● Permissions based on three classes:
– User
– Group
– Others
● Read (r), Write (w) and execute (x) permission bits
● Separate namespaces for UIDs and GIDs
POSIX.1e ACL
● More flexible
● An ACL is a variable-length list of ACEs (Access Control Entries)
● Types of ACL entries
– Owner (user::rwx)
– Named User (user:<name>:rwx)
– Owning Group (group::rwx)
– Named Group (group:<name>:rwx)
– Mask (mask::rwx)
– Others (other::rwx)
POSIX.1e ACL
● Only ALLOW mode with three permission bits
– Read (r)
– Write (w)
– Execute (x)
● Minimal ACL
● Extended ACL
POSIX.1e ACL
● Minimal Access Control List
– File mode bits: rw- r-- r-- (owner class, group class, other class)
– User::rw-
– Group::r--
– Other::r--
POSIX.1e ACL
● Extended Access Control List
– File mode bits: rw- rw- --- (owner class, group class, other class)
– User::rw-
– User:joe:rw-
– Group::r--
– mask::rw-
– Other::---
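The access check that these two ACLs imply, as an added example that is not part of the original slides: it follows the algorithm in acl(5) and also derives the file mode bits shown above. The owner "alice", owning group "staff" and the other user and group names are constructed for illustration.

```python
# Added example: POSIX.1e access check following acl(5), applied to the two
# ACLs from the slides. Owner "alice" and group "staff" are constructed.
R, W, X = 4, 2, 1

def bits(perm):
    """'rw-' -> 6"""
    return sum(b for ch, b in zip(perm, (R, W, X)) if ch != "-")

def parse_acl(text):
    """'tag:qualifier:perms ...' -> {(tag, qualifier): permission bits}"""
    acl = {}
    for entry in text.split():
        tag, qualifier, perm = entry.split(":")
        acl[(tag, qualifier)] = bits(perm)
    return acl

def mode_string(acl):
    """File mode bits: the group class shows the mask when one exists."""
    group_class = acl.get(("mask", ""), acl[("group", "")])
    classes = (acl[("user", "")], group_class, acl[("other", "")])
    return " ".join("".join(c if p & b else "-" for c, b in zip("rwx", (R, W, X)))
                    for p in classes)

def check(acl, owner, owning_group, user, groups, want):
    """True if process (user, groups) is granted every bit in `want`."""
    mask = acl.get(("mask", ""), R | W | X)       # minimal ACL has no mask
    if user == owner:                              # owner entry is never masked
        return (acl[("user", "")] & want) == want
    if ("user", user) in acl:                      # named user, capped by mask
        return (acl[("user", user)] & mask & want) == want
    hits = [p for (tag, q), p in acl.items()
            if tag == "group" and (q or owning_group) in groups]
    if hits:                                       # any matching group entry may grant
        return any((p & mask & want) == want for p in hits)
    return (acl[("other", "")] & want) == want

MINIMAL = parse_acl("user::rw- group::r-- other::r--")
EXTENDED = parse_acl("user::rw- user:joe:rw- group::r-- mask::rw- other::---")
```

Lowering the mask to `r--` removes joe's write access without touching his entry, because named-user and group entries are always intersected with the mask.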
POSIX.1e ACL
● Directories have another ACL – Default ACL
– Looks similar to normal ACL
– Not used for enforcing
● Effects of Default ACL
– A subdirectory inherits the default ACL of the parent directory both
as its default ACL and as its access ACL
– A file inherits the default ACL as its access ACL.
Windows ACL
● Two types of ACL
– Discretionary Access Control List (DACL)
– System Access Control List (SACL)
● Users, groups identified by Security Identifiers (SID)
– Users and groups share the same namespace
● Three types of ACE (Access Control Entries)
– Access Allowed (ALLOW)
– Access Denied (DENY)
– System Audit (AUDIT)
Windows ACL
● Much more granular control
– Change permissions
– Take ownership
– Traverse folders / Execute files
– List folders / Read data
– Read attributes
– Read extended attributes
– Read permissions
Windows ACL
● Much more granular control
– Create files / Write data
– Create folders / Append data
– Write attributes
– Write extended attributes
– Delete sub-folders and files
– Delete
– Synchronize
Windows ACL
● ACL order matters
● Each ACE is associated with a SID
● Special SIDs: Everyone, FileCreators, etc.
● Each ACE has flags which tell the inheritance rules
– OBJECT_INHERIT_ACE – files inherit ACE
– CONTAINER_INHERIT_ACE – folders inherit ACE
– INHERIT_ONLY_ACE – Used only for inheritance
– INHERITED_ACE – All inherited ACEs will have this flag
NFSv4 ACL
● Based on Windows ACL
● Same permission bits as Windows
– Plus two in NFSv4.1
● Similar ACE types to Windows:
– ALLOW
– DENY
– AUDIT
– ALARM
NFSv4 ACL
● Users, groups identified by principals.
● A principal is either
– Named user (e.g. joe@example.com)
– Group
– Special principals: OWNER@, GROUP@, EVERYONE@
● Use ACE flags similar to Windows
RichACL
● Similar to NFSv4 ACL
● Users, groups identified by Unix numerical IDs.
● ACE order is important
● Same 14 permission bits as NFSv4
● Supports the same three file classes as POSIX.1
– owner
– group
– others
RichACL
● Each file class is associated with a file mask (16b) for each RichACL
permission
● Each mask is an upper bound on granted permissions for its class
● RichACL supports EVERYONE@ instead of OTHER class
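A simplified model of the two RichACL properties above (ACE order and file masks as an upper bound), added here as an example and not taken from the slides or the richacl project. The bit values, numeric IDs, sample ACL and function names are constructed, and the first-match ALLOW/DENY walk follows the NFSv4 style of evaluation rather than the full RichACL algorithm.

```python
# Added example: simplified model, not the richacl project's code.
# Bit values, ids and the sample ACL are constructed for illustration.
READ, WRITE, APPEND, EXECUTE = 1, 2, 4, 8

def matches(who, uid, gids, owner, owning_group):
    """Does the ACE's 'who' field apply to this process?"""
    if who == "EVERYONE@":
        return True
    if who == "OWNER@":
        return uid == owner
    if who == "GROUP@":
        return owning_group in gids
    kind, ident = who                      # ("user", uid) or ("group", gid)
    return ident == uid if kind == "user" else ident in gids

def evaluate(aces, uid, gids, owner, owning_group):
    """Walk ACEs in order; the first matching ACE that mentions a bit decides it."""
    allowed = denied = 0
    for ace_type, who, bits in aces:
        if matches(who, uid, gids, owner, owning_group):
            undecided = bits & ~(allowed | denied)
            if ace_type == "ALLOW":
                allowed |= undecided
            else:
                denied |= undecided
    return allowed

def file_class(aces, uid, gids, owner, owning_group):
    """Owner, else group class if a non-EVERYONE@ ACE or the owning group matches."""
    if uid == owner:
        return "owner"
    named = any(who != "EVERYONE@" and matches(who, uid, gids, owner, owning_group)
                for _, who, _ in aces)
    return "group" if named or owning_group in gids else "other"

def effective(aces, masks, uid, gids, owner, owning_group):
    """ACL result capped by the file mask of the caller's class (upper bound)."""
    cls = file_class(aces, uid, gids, owner, owning_group)
    return evaluate(aces, uid, gids, owner, owning_group) & masks[cls]

ACL = [("DENY", ("user", 1001), WRITE | APPEND),
       ("ALLOW", ("group", 50), READ | WRITE | APPEND),
       ("ALLOW", "EVERYONE@", READ)]
MASKS = {"owner": READ | WRITE | APPEND, "group": READ | WRITE, "other": READ}
```

With the DENY entry first, user 1001 ends up with READ only; moving it to the end lets the group ALLOW decide WRITE and APPEND first, which is why ACE order has to be preserved when ACLs are stored or converted.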
GlusterFS ACL
● Gluster supports POSIX ACL
● Implemented as a translator
● ACLs are stored in back-end file-system using EA (Extended
attributes)
● To support POSIX ACL, the volume must be mounted with acl option
mount -t glusterfs -o acl <servername:volume-id> <mount point>
GlusterFS & RichACL
● Gluster supports multiple access protocols - Fuse, NFS, SMB.
● All three access protocols use different ACLs
● POSIX.1e cannot represent NFSv4 and SMB (Windows) ACL because
of its limited set of permission bits.
● RichACL is one step closer towards multi-protocol access.
GlusterFS & RichACL
● Challenges and/or design considerations
– Gluster can support either POSIX.1e ACL or RichACL, but not both
– File-system migration needed to convert existing ACL to RichACL
– Once converted to RichACL the file-system cannot be converted
back to POSIX.1e ACL without information loss.
– RichACL enforcement logic should go in Gluster to support
underlying file systems that do not support RichACL.
– Limited size of extended attributes (EA)
Q & A


Editor's Notes

  • #5 ACLs equivalent with the file mode permission bits are called minimal ACLs. ACLs with more than the three entries are called extended ACLs.
  • #10 Windows ACLs control all sorts of OS objects, not just FS objects. System Audit (AUDIT) – only for SACL
  • #14 NFSv4.1 adds two more permission bits (ACE4_WRITE_RETENTION_HOLD and ACE4_WRITE_RETENTION)