I asked a while back if there was any utility function to evaluate a ZFS ACL. I didn't get much of a response and was unable to find anything, so I decided to implement my own C code.

It appears the acl_get() function is a convenient way to read the ACL; however, I don't see an efficient way to parse the data structure returned. The function returns an "acl_t *", which is defined in <sys/acl.h> as "typedef struct acl_info acl_t;" The acl_info struct does not appear to be defined in any header files shipped with Solaris 10. Browsing the opensolaris code base, I found the definition in <sys/acl_impl.h> to be:

    struct acl_info {
            acl_type_t acl_type;    /* style of acl */
            int acl_cnt;            /* number of acl entries */
            int acl_entry_size;     /* sizeof acl entry */
            int acl_flags;          /* special flags about acl */
            void *acl_aclp;         /* the acl */
    };

Is the acl_t intentionally designed to be opaque? It seems the only thing I can do with it is pass it to acltotext(), which will return a text string describing the ACL. It doesn't seem particularly efficient to pass a C structure to a function that converts it to a string, and then use C code to parse the text string. I would prefer to directly access the acl_info structure.

On the other hand, it appears all of the information necessary to use the acl(2) system call is present with Solaris 10. However, that is a rather raw and basic interface to the ACL, requiring some extra code wrapped around it to make it useful. The exact same code that's probably in acl_get(), and it seems redundant to duplicate it.

So either I use the raw underlying system call, which is less than desirable, or I use acl_get() but have to perform text parsing, which is less than desirable. I think I'm inclined to simply copy the data structure definition from <sys/acl_impl.h> into my code so I can access the acl_t directly, which probably isn't recommended and will no doubt break if the internal implementation changes; but it seems the effort to fix it when it breaks would be less than either the effort to use the underlying system call or the effort to parse the text.

Unless I'm missing something?

Thanks for any feedback...

--
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
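
The following is an added example, not part of the original post and not Solaris code: a sketch of evaluating an ordered allow/deny ACL by walking the entry array through the acl_cnt, acl_entry_size and acl_aclp fields quoted above. All demo_* names, the D_* constant values and the entry layout are local stand-ins chosen for illustration, and the subject is assumed to have a single gid (no supplementary groups).

```c
#include <stddef.h>
#include <stdint.h>
/* Local stand-ins (assumptions): entry types, "who" flags and permission bits. */
enum { D_ALLOW = 0, D_DENY = 1, D_READ = 0x1, D_WRITE = 0x2,
       D_GROUP_ID = 0x0040,                 /* who is a gid rather than a uid */
       D_OWNER = 0x1000, D_GROUP = 0x2000, D_EVERYONE = 0x4000 };
/* Hypothetical fixed-size entry: principal id, permission mask, flags, type. */
typedef struct { uint32_t who, mask; uint16_t flags, type; } demo_ace;
/* Same fields as the struct quoted in the post; acl_type is a plain int here. */
struct demo_acl_info {
    int acl_type; int acl_cnt; int acl_entry_size; int acl_flags; void *acl_aclp;
};
typedef struct { uint32_t uid, gid, file_uid, file_gid; } demo_subject;

/* Does this entry name the subject? Special principals are checked first. */
static int ace_applies(const demo_ace *e, const demo_subject *s) {
    if (e->flags & D_EVERYONE) return 1;
    if (e->flags & D_OWNER) return s->uid == s->file_uid;
    if (e->flags & D_GROUP) return s->gid == s->file_gid;
    if (e->flags & D_GROUP_ID) return s->gid == e->who;
    return s->uid == e->who;
}

/* Returns 1 if every bit in `want` is granted, 0 otherwise (default deny). */
int demo_acl_check(const struct demo_acl_info *a, const demo_subject *s, uint32_t want) {
    const unsigned char *p = a->acl_aclp;
    /* Refuse a header that does not describe at least one full entry per slot. */
    if (!p || a->acl_cnt < 0 || a->acl_entry_size < (int)sizeof(demo_ace)) return 0;
    for (int i = 0; i < a->acl_cnt && want; i++, p += a->acl_entry_size) {
        const demo_ace *e = (const demo_ace *)p;
        if (!ace_applies(e, s)) continue;
        /* Order matters: a deny on a still-undecided bit ends the walk. */
        if (e->type == D_DENY && (e->mask & want)) return 0;
        if (e->type == D_ALLOW) want &= ~e->mask;  /* these bits are now decided */
    }
    return want == 0;
}

/* Constructed sample ACL for a file owned by uid 100, gid 10. */
static demo_ace sample[] = {
    {200, D_WRITE, 0, D_DENY},                     /* deny write to uid 200 */
    {0, D_READ | D_WRITE, D_OWNER, D_ALLOW},       /* allow read/write to the owner */
    {0, D_READ | D_WRITE, D_EVERYONE, D_ALLOW},    /* allow read/write to everyone */
};
int demo_sample_check(uint32_t uid, uint32_t gid, uint32_t want) {
    struct demo_acl_info a = {0, 3, (int)sizeof(demo_ace), 0, sample};
    demo_subject s = {uid, gid, 100, 10};
    return demo_acl_check(&a, &s, want);
}
```

Stepping by acl_entry_size rather than sizeof keeps the walk valid if the stored entries are larger than the local struct, and the header check keeps a corrupt count or size from turning into a grant.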