Richacls are an implementation of NFSv4 ACLs which has been extended by file masks to more easily fit the standard POSIX file permission model. The main goal is to provide a consistent file permission model locally as well as over various remote file system protocols like NFSv4 and CIFS; this is expected to significantly improve interoperability in mixed operating system environments, both when Linux is used as a client and as a server.
Richacls share a number of properties with POSIX ACLs, but they go beyond POSIX ACLs in several ways. Converting from POSIX ACLs to richacls is relatively easy, but converting back from richacls to POSIX ACLs is not possible without losing information.
In the current implementation, richacls can be enabled for an entire file system. Once enabled, the file system supports richacls instead of POSIX ACLs; a file system never supports both models at the same time.
Richacls exist in the form of out-of-tree patches for the Linux kernel. The kernel patches include experimental support for the ext4 file system and the nfsv4 client and server. Online conversion from POSIX ACLs to richacls is also supported.
On the user-space side, we have a basic command-line utility for displaying and modifying richacls. Unlike with Linux NFSv4 ACLs today, the kernel to user-space interface is the same locally and remotely, and the same tool can be used on both sides.
Support for Samba has not been implemented yet, but Samba patches for nfs4acls, the predecessor project of richacls which shares the same design and much of the code base, can be found here.
The richacl developers can frequently be found on IRC on irc.freenode.net, channel richacl.
The kernel and user-space code can be found here:
Build and optionally install the richacl user-space tools. (If you chose not to install the richacl command-line utility, you will have to specify the full path to the build directory instead.)
Create a new ext4 file system image and mount it with the richacl mount option, or mount an existing file system image with this option.
Note that only the richacl-fullset branch will convert existing POSIX ACLs into richacls; with the other branches, existing POSIX ACLs will become hidden.
Also note that the richacl mount option may be replaced by a richacl file system feature flag: the reasoning behind this is that it does not make sense to mount a POSIX ACL file system in richacl mode or vice versa in production use, and switching between modes would usually be a mistake when you are not only trying out this richacls.
File system feature flags can be displayed, enabled and disabled with tune2fs (if e2fsprogs already know about the feature) or debugfs. In debugfs, the features command shows the current features, the features feature command enables an additional feature, and the features -feature command disabled a feature.
If you are using a version of e2fsprogs which knows about the richacl feature, use that as the feature name. Otherwise, use the generic name FEATURE_C9. Note that this flag has not been officially reserved yet, and so the number may change in the future.
A number of examples showing how richacls work in practice can be found here.
The design of richacls is documented in NFSv4 ACLs in POSIX. This design dates back to 2006, and has been already been implemented in nfs4acls, the successor project of richacls. It is based on NSFv4 ACLs, with elements from POSIX ACLs in order to make it compatible with the POSIX file permission model and usable as a local file permission model.
The OLS 2010 conference paper (see below) explains the need for a new permission model and the rationale for the richacl design in more detail.
The POSIX 1003.1e / 1003.2c draft 17 documents which describe POSIX ACLs, which have influenced the richacl design, can be found here. An overview of POSIX ACLs on Linux can be found here).
The implementation realizes this design, and includes some optimizations which keep the resulting acls smaller and easier to understand than with the algorithms straight from the design document. Explanations of the algorithms and optimiations are included in the commit messages and in comments in the source code.
Richacls have been presented at the Ottawa Linux Symposium 2010 by Greg Banks (link to the presentation slot). Greg's publications list includes the conference paper and slides he has used under the heading “Implementing An Advanced Access Control Security Model in Linux”.
Copyright (C) Andreas Grünbacher <firstname.lastname@example.org>, July-September 2010