First page Back Continue Last page Overview Graphics
Different ACL mapping strategies
Storing the raw Windows ACL on disk would be the preferred solution.
- Setting UNIX permissions would cause a mapping to a Windows or NFSv4 style ACL representing the requested permission set.
- Setting POSIX ACLs is more difficult as the best case is a snapshot of group membership. It remains to be seen how widely used POSIX ACLs will become.
- In order for the kernel to perform access checks the process tokens must contain the identical principal type as stored on disk.
- Principal type conversion is too difficult and expensive to do in kernel space.