[PATCH] Support for POSIX ACL in kioslave/file and kio/kio

Till Adam adam at kde.org
Sun Aug 7 10:56:36 BST 2005 

Heya folks,

please find attached two patches, one against kdelibs/kioslave/file and one 
against kdelibs/kio, which together implement support for managing POSIX ACLs 
on filesystems that support it. Please review, I'll then merge this into 3.5.

The backend is based off of patches by György Szombathelyi and the frontend 
(kio/kfile/kacleditwidget) makes liberal use of work done by Sean Harmer in 
playground/base/acldlg. All bugs are mine, of course.

As for the details of the patches, I guess the kioslave bits should be pretty 
self-explanatory. When reading, ACLs are shipped to the user via three new 
atom types, while writing is done by setting two metadata strings when 
issuing a chmod job (ACL_STRING and DEFAULT_ACL_STRING). There is a special 
value for deleting a previously present ACLs. The format of these strings is 
that of the POSIX ACL string representation, as defined in POSIX draft 
1003.1e/1003.2c.

To encapsulate all of the acl string parsing and manipulation, and to localize 
the libacl and sys/acl.h includes I've done a KACL class, which offers a nice 
interface to ACL munging and all kinds of convenience. User code (such as the 
stuff in kio/kfile only needs kacl.h. KACLs can easily be created from the 
abovementioned POSIX strings.

There's a full test suite for KACL and an extension of KioslaveTest for the 
three new atoms.

There's extensions to KFileItem for setting and getting ACL and defaultACL.

The frontend aims to integrate seamlessly with the existing interface. If the 
underlying filesystem supports setting ACLs the group of checkboxes in the 
"Advanced properties" is replaced (not really replaced, the special bits 
stay) by a listview, which allows adding, removing and editing of entries and 
inline toggling of permission bits. This widget takes much care to not allow 
illegal (combinations of) entries, it automatically adds entries when the 
underlying acl lib would add them as well (properly autocalculated mask 
entries appear when you add the first extended entry, for example), you can't 
add an entry for a user or group more than once, etc. The Advanced 
Permissions keeps state between invocations, the main "Ok" does the actual 
chmod, as before. The state of the three newbie combos, as I affectionately 
call them, is kept in sync with the acl editing widget.

Recursive applying of ACL changes to directories and all files/dirs in them 
works.

Limitations/TODO:
 o it currently only works for a single file (no support for "partial" 	   
   handling), that's the next thing I'd like to tackle once this is in
 o the users and groups are offered as comboboxes, which has scalability
   issues, I'm planing to offer a lineedit with completion when the number
   of available users/groups exceeds a certain limit
 o there might be BIC issues, I haven't checked carefully yet, if there are,
   I'll fix them, of course
 o the configure checks aren't done yet, I guess this needs to be a compile 
   time option
 o there is a set of trivial kdebase patches to make the various konqueror
   views show a little "+" next to the permissions string, if there's an
   extended ACL on a file, I'll merge that once these patches are in

Longer term plans:
 o extend it to samba, nfs, etc


I'd be grateful for any testing and feedback that you might be able to spare.

Cheerio,

Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: POSIX-ACL-support-kioslave.diff
Type: text/x-diff
Size: 14474 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20050807/04fa5b06/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: POSIX-ACL-support-kio.diff
Type: text/x-diff
Size: 128455 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20050807/04fa5b06/attachment-0001.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20050807/04fa5b06/attachment.sig>

More information about the kfm-devel mailing list