Professional Web Applications Themes

Who is using ACLs in production? - FreeBSD

Anyone using ACLs in production on FreeBSD 5.x? If so, how do you use them, and what are your impressions? How do they affect performance, how reliable is the code, does it really help security, etc.? I've enabled them on my test system to see how they work. Also, if someone can tell me why tunefs refuses to enable ACLs on the root filesystem, I'd appreciate it. I get # tunefs -a enable /dev/da0s1a tunefs: ACLs set tunefs: /dev/da0s1a: failed to write superblock I get the same error if I try to set ACLs on just '/', and the error ...

  1. #1

    Default Who is using ACLs in production?

    Anyone using ACLs in production on FreeBSD 5.x? If so, how do you use
    them, and what are your impressions? How do they affect performance,
    how reliable is the code, does it really help security, etc.?

    I've enabled them on my test system to see how they work.

    Also, if someone can tell me why tunefs refuses to enable ACLs on the
    root filesystem, I'd appreciate it. I get

    # tunefs -a enable /dev/da0s1a
    tunefs: ACLs set
    tunefs: /dev/da0s1a: failed to write superblock

    I get the same error if I try to set ACLs on just '/', and the error is
    the same in both single-user and multiuser modes. If I mount /
    read-only, I can set ACLs and verify it with tunefs -p, but after I
    reboot, the ACLs are disabled again. What do I have to do to enable
    ACLs on /?

    --
    Anthony


    Anthony Guest

  2. #2

    Default Re: Who is using ACLs in production?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On 2005-03-13, Anthony Atkielski scribbled these
    curious markings: 

    While not a "traditional" production environment, my 5.x webserver uses
    ACLs to keep user home directories relatively private but accessible at
    the same time. I didn't want to open up my home directory to every user
    on the system. But at the same time I didn't want to set my files to
    group www. ACLs provide a nice middle ground in that sort of situation.

    Best Regards,
    Christopher Nehren
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (FreeBSD)

    iD8DBQFCNIgUk/lo7zvzJioRAjh1AJ9z1tn23YSbKNmFlF8ef8f/ERReaACgmZGH
    x0X6e2WdHTXORTDlSPUtwXw=
    =Re5U
    -----END PGP SIGNATURE-----

    --
    I abhor a system designed for the "user", if that word is a coded
    pejorative meaning "stupid and unsophisticated". -- Ken Thompson
    If you ask the wrong questions, you get answers like "42" and "God".
    Unix is user friendly. However, it isn't idiot friendly.

    Christopher Guest

  3. #3

    Default Re: Who is using ACLs in production?

    On Sun, Mar 13, 2005 at 01:20:06PM +0100, Anthony Atkielski typed: 

    I installed many samba servers in small-to-medium sized offices. All have
    ACL's enabled and there have been no complaints about performance or
    stability. Which is understandable, regarding the fact these samba servers
    where mostly replacing NT or w2k fileservers on the same or equivalant
    hardware.
    Improved security I don't know. It does emulate windows' file permission
    quite nicely though.

    Ruben

    Ruben Guest

Similar Threads

  1. Directory size - Security ACLs causing Endless loop
    By Phil in forum ASP.NET Security
    Replies: 3
    Last Post: September 8th, 05:57 AM
  2. Replies: 2
    Last Post: July 19th, 10:15 PM
  3. Using LDAP Query Groups to populate (or emulate) NTFS ACLs
    By Peter L. Thomas in forum Windows Server
    Replies: 0
    Last Post: June 18th, 02:43 PM
  4. Setting ACLs for aspnet user for sending smtp mail
    By Eric in forum ASP.NET Security
    Replies: 0
    Last Post: July 21st, 05:36 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139