>> You should probably make sure that you just don't keep continually >> adding the same entry over and over again to the ACL. With NFSv4 ACLs >> you can insert the same entry multiple times and if you keep doing it >> long enough you will eventually get an error back when you reach the >> ACE limit on the file. > > Note that logindevperm will reset the ownership and permission of the > file each time a user logs in or out. I guess I was assuming this would > reset the ACL's as well. Is this not the case? >
Yes, it also changes the owner and group. > At any rate, it wouldn't hurt to check to see if the ACL is there already. > Do you have a code example that shows how to do that? > Nope, but you should be able to just use access(2) to determine if you need to add the ACL entry. >> There is code in libdevinfo called setdevaccess() that will strip off >> all ACEs on a device file via acl_strip(3sec). The setdevaccess() >> interface is called by di_devperm_login(). Does gdm use that interface? > > Yes, does this mean that the ACL's are getting reset anyway each time a > user logs in? If so, then I don't think there is a real need to worry > about the ACL list getting too long. Since logindevperm is only used > for console login, there wouldn't be any issues (for example) in a > Sun Ray environment where multiple login screens would be showing > and calling the ACL list at the same time. > > Brian > _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
