Paul B. Henson writes:
>
> I was curious if there was any utility or library function available to
> evaluate a ZFS ACL. The standard POSIX access(2) call is available to
> evaluate access by the current process, but I would like to evaluate an ACL
> in one process that would be able to determine whether or not some other
> user had a particular permission. Obviously, the running process would need
> to have read privileges on the ACL itself, but I'd rather not reimplement
> the complexity of actually interpreting the ACL. Something like:
>
> access("/path/to/file", R_OK, 400)
>
> Where 400 is the UID of the user whose access should be tested. Clearly
> there is already code to do so within the filesystem layer, given that
> privileges are enforced. It's probably unlikely, but I was hoping this code
> could be reutilized from a user level process to make the same
> determination rather than having to read the entire ACL, verify what groups
> the user is in, etc.
>
> Thanks for any suggestions...
>
I don't know if such a tool exists, but I'm in the process or writing one
(as part of a larger ACL admin tool) if you are intersted.
Ian
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
