5.1.5.2.8 ACL enforcement
The ext3_permission() function uses ACLs to enforce DAC. The algorithm goes through the
following steps:
1. Performs checks such as “no write access if read-only file system” and “no write access if the file is
immutable.”
2. For ext3 file systems, the kernel calls ext3_get_acl() to get the ACL corresponding to the
object. ext3_get_acl() calls ext3_xattr_get(), which in turn calls ext3_acl_from_disk() to
retrieve the extended attribute from the disk. If no ACL exists, the kernel follows the permission
bits algorithm described previously.
3. For ext3 file systems, the kernel invokes posix_acl_permission(). It goes through the
following algorithm:
    If the file system user ID of the process matches the user ID of the file object owner, then
        if the ACL_USER_OBJ entry contains the requested permissions, access is granted,
        else access is denied.
    else if the file system user ID of the process matches the qualifier of any entry of type ACL_USER, then
        if the matching ACL_USER entry and the ACL_MASK entry contain the requested permissions, access is granted,
        else access is denied.
    else if the file system group ID or any of the supplementary group IDs of the process match the qualifier
    of the entry of type ACL_GROUP_OBJ, or the qualifier of any entry of type ACL_GROUP, then
        if the ACL_MASK entry and any of the matching ACL_GROUP_OBJ or ACL_GROUP entries contain all the
        requested permissions, access is granted,
        else access is denied.
    else if the ACL_OTHER entry contains the requested permissions, access is granted,
    else access is denied.
The ACL checking function cycles through each ACL entry to check whether the process is authorized to access
the object in the attempted mode. Root is always allowed to override any read or write access denial based on
an ACL entry. Root is allowed to override an attempted execute access denial only if an execute bit is set for
owner, group, or other.
For example, consider a file named /aclfile, with mode 640. The file is owned by root and belongs to
the group root. Its minimal ACL, before any extended POSIX ACL entries are added, would be:
# owner: root
# group: root
user::rw-
group::r--
other::---
The file is readable and writeable by the root user, and readable by users belonging to the root group. Other
users have no access to the file. With POSIX ACLs, a more granular access control can be provided to this