Richacls - Native NFSv4 ACLs on Linux

Richacls are an implementation of NFSv4 ACLs which has been extended by file masks to better fit the standard POSIX file permission model. The main goal is to provide a consistent file permission model locally as well as over various remote file system protocols like NFSv4 and CIFS; this is expected to significantly improve interoperability in mixed operating system environments, both when Linux is used as a client and as a server.

Richacls share some design elements with POSIX ACLs, but they go beyond POSIX ACLs in several ways. Converting from POSIX ACLs to richacls is relatively easy, but converting back from richacls to POSIX ACLs is not possible without losing information.

Richacls can be enabled for an entire file system. Once enabled, that file system supports richacls instead of POSIX ACLs; a file system never supports both models at the same time.

Status

Richacls exist in the form of out-of-tree patches for the Linux kernel, a user-space utility for getting and setting richacls, and changes to the coreutils package for richacl support in the ls and cp utilities. The kernel patches currently include experimental support for the ext4, nfs, and nfsd file systems.

Code for supporting richacls in samba, xfs, and newpynfs exists, but more work is needed in those areas.

Download

Getting Started

1. Build the richacl branch of the kernel repository. Make sure to enable the CONFIG_EXT4_FS_RICHACL configuration option.
2. Build and install the richacl user-space tools.
3. Optionally, build and install the modified coreutils package with richacl support. With that, ls -l will indicate when a file has a richacl just as for posix acls, and cp --preserve=mode will preserve richacls as well.
   Note that this step depends on the previous step; if librichacl is not installed, coreutils will build with richacls disabled!
4. Choose an existing or create a new ext4 file system for testing.
5. Build and install a version of e2fsprogs with support for the richacl feature flag (optional).
6. Select richacl support on that file system by enabling the richacl feature flag. Note that this will hide existing posix acls on the file system; they will become ineffective.
   • When using a version of e2fsprogs that supports the richacl feature flag, enable the feature with "tune2fs -O richacl /dev/filesystem". The feature can be disabled again with "tune2fs -O ^richacl /dev/filesystem".
   • When using a version of e2fsprogs without support for the richacl feature flag, you can set the feature flag with the following debugfs commands. (Note that an unpatched version of e2fsck will refuse to check a file system with this feature set.)

     open -f -w /dev/filesystem
     feature FEATURE_I17
     quit
     

7. Optionally, also set the "acl" default mount option with "tune2fs -o acl /dev/filesystem".
8. Mount the ext4 file system.
   Use the richacl command-line utility for getting and setting richacls.
   A number of examples showing how richacls work in practice can be found here.

More About Richacls

The richacl package includes the following manual pages:

• richacl.7
• getrichacl.1
• setrichacl.1

The design of richacls is documented in NFSv4 ACLs in POSIX. This design dates back to 2006, and has already been implemented in nfs4acls, the predecessor project of richacls.

Richacls have been presented at the Ottawa Linux Symposium 2010 by Greg Banks (link to the presentation slot). Greg's publications list includes the conference paper and slides he has used under the heading “Implementing An Advanced Access Control Security Model in Linux”.

The POSIX 1003.1e / 1003.2c draft 17 documents which describe POSIX ACLs, which have influenced the richacl design, can be found here. An overview of POSIX ACLs on Linux can be found here).

Copyright (C) Andreas Grünbacher <agruen@kernel.org>, October 2015