07.28.04

ACLs in Linux

Posted in English, Linux at 12:15 am by Rodrigo

Yesterday, at work, we needed some security policies for access to files on a Linux server. Perfect time to deploy ACL support.. but first, I had to investigate how to do this.

First: Kernel support for ACLs

Right now (kernel 2.6.7), Linux has support for ACLs in all the major filesystems: ext2, ext3, reiserfs, jfs and my favorite: xfs (I will discuss this favoritism in another article). The support has to be enabled in the kernel, with the respective options:

  • CONFIG_{EXT2,EXT3,REISERFS}_FS_POSIX_ACL (which depend on CONFIG_{EXT2,EXT3,REISERFS}_FS_XATTR: filesystem extended attributes) for ext2, ext3 and reiserfs respectively,
  • CONFIG_JFS_POSIX_ACL for JFS, and
  • CONFIG_XFS_POSIX_ACL for XFS.

All of them, except XFS, use the same POSIX ACL kernel infrastructure for common system calls (option CONFIG_FS_POSIX_ACL). XFS uses its own, but it’s totally compatible (after all, all of them are POSIX ACLs), so the applications in user space see the same thing.

Second: The filesystem

The filesystems (at least the ones I tested: reiserfs and xfs) are not created with ACL support: this is added on a per-file basis only when one explicitly sets the ACL. The filesystems just have to be mounted with the “acl” option:

% mount -o acl /dev/foo /bar

As always, XFS does its own thing: if kernel support for ACLs in XFS is enabled, one doesn’t need to use the “acl” mount option, because it’s implicitly used (actually, ACLs can’t be disabled if the kernel support is enabled.. not that it matters too much, because the performance and disk cost is negligible).

Set the “acl” option in /etc/fstab for the filesystems where you want ACL support enabled and the super-user configuration is over.

Third: Setting and Getting ACLs

Now we need application support. In Debian, SuSE and Fedora, the package is called ‘acl’, and it has the two commands we need to set and get ACLs: setfacl and getfacl (it has another command: chacl, but that is for IRIX compatibility only).

All files in an ACL-enabled filesystem have the default basic ACL, which corresponds exactly to the permissions given to the file in a non-ACL-enabled filesystem. These permissions can be read with getfacl, like this:

% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
group::r--
other::r--

You can see the permissions are the same ones that can be set with chmod: read, write and execute for user, group and other. The file name, owner and group can also be seen in the output.

Now the interesting part: files can have “extended ACLs”, which are an extension of the classical Unix permission model. For example, if I don’t want anyone to mess with my file, I usually use chmod 600 acl.txt, like this:

% chmod 600 acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
group::---
other::---

Now, I want to grant the permission to read and write my file to another user, “chacal”.. but we’re not in the same group! With the classical Unix model, I would have to create another group exclusively for me and chacal, add both users to the group, change the group ownership of the file to the new group and set the permissions of the file to 0640. With ACLs, I use:

% setfacl -m u:chacal:rw acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
user:chacal:rw-
group::---
mask::rw-
other::---

You can see that there are two new fields in the ACL: another user and a mask. We see that this user, chacal, can read and write the file, like the owner. But the mask’s purpose is not so clear. It represents the maximum set of permissions all fields can have, except user:: and other::. The effective permissions given to chacal are what appears in user:chacal (rw-) ANDed with the mask (rw-). If we limit the mask:

% setfacl -m m::r acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
user:chacal:rw-                 #effective:r--
group::---
mask::r--
other::---

We see that although the user’s permissions are still ‘rw’, the mask only permits read, so that’s what chacal gets.

If we want to remove chacal’s permissions, we set his access to zero (setfacl -m u:chacal:- acl.txt) or we can remove him completely from the list (setfacl -x u:chacal acl.txt).

Regular files only have one kind of ACL, called the ‘access ACL’. Directories have two ACLs: the access ACL and the default ACL, which is used to set the initial ACL of new files created inside the directory (only for files created after the default ACL has been set). This default ACL is manipulated in the same way access ACLs are; we just have to put the ‘-d’ flag in the setfacl command.

% mkdir hello
% chmod 755 hello
% setfacl -d -m g::- hello
% setfacl -d -m o::- hello
% setfacl -d -m u:chacal:rx hello
% getfacl hello
# file: hello
# owner: rodrigo
# group: staff
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:chacal:r-x
default:group::---
default:mask::r-x
default:other::---

% cd hello
% touch bye
% getfacl bye
# file: bye
# owner: rodrigo
# group: staff
user::rw-
user:chacal:r-x                 #effective:r--
group::---
mask::r--
other::---

As you can see, the file has inherited its access ACL from the default ACL of its parent directory. The same happens with directories, though they also inherit the default ACL from their parent.

Fourth: Application support for ACLs

What happens with ACL support in existing applications? As far as I know, the usual kernel system calls (like open(2) or creat(2)) know about ACLs, and inherit them from the parent directory (if this directory has a default ACL).

Common applications like ls, cp, mv know about ACLs: mv moves ACLs even between filesystems of different type (xfs to reiserfs, etc.). cp with the -p (preserve) flag does the same. ls needs some explanation: when a file has a basic ACL, the output of ls is the same:

% ls -l bye
-rw-r--r--  1 rodrigo staff 0 Jul 28 16:23 bye

This means that the file ‘bye’ grants read and write access to the owner (me), and read access to the members of the group ‘staff’ and to everyone else. If a file has an extended ACL, the output is:

% ls -l acl.txt
-rw-r-----+ 1 rodrigo staff 0 Jul 28 12:40 acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
user:chacal:rw-                 #effective:r--
group::---
mask::r--
other::---

As you can see, in this case the meaning of the fields is different. First, the presence of an extended ACL is displayed using a ‘+’ character after the permission fields. The permission fields are read in the same way as the basic ACL, except the middle one (the group permission), which is replaced by the mask of the ACL.
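The mask, default-ACL inheritance and ls -l rules described above, modeled in Python as an added example (not code from the original post; the function names are hypothetical and the sample ACL text is constructed from the getfacl output shown in the post). It parses getfacl-style text instead of calling pylibacl, so it runs without an ACL-enabled filesystem.

```python
# Added example: models the mask, ls -l and default-ACL rules from the post.
# ACL_TXT and HELLO_DEFAULT are constructed from the getfacl output shown above.
ACL_TXT = """user::rw-
user:chacal:rw-     #effective:r--
group::---
mask::r--
other::---"""
HELLO_DEFAULT = """default:user::rwx
default:user:chacal:r-x
default:group::---
default:mask::r-x
default:other::---"""

def parse_acl(text):
    """Return (access, default) dicts mapping (tag, qualifier) -> 'rwx' string."""
    access, default = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '# file:' and '#effective:'
        if line:
            is_default = line.startswith("default:")
            tag, qual, perms = line.split(":")[-3:]
            (default if is_default else access)[(tag, qual)] = perms
    return access, default

def bit_and(a, b):
    return "".join(x if x == y else "-" for x, y in zip(a, b))

def effective(acl):
    """Mask limits named users and all group entries; user:: and other:: are exempt."""
    mask = acl.get(("mask", ""), "rwx")
    return {k: p if k in (("user", ""), ("other", "")) else bit_and(p, mask)
            for k, p in acl.items() if k[0] != "mask"}

def ls_mode(acl):
    """Permission column of ls -l for a regular file with this access ACL."""
    middle = acl.get(("mask", ""), acl[("group", "")])
    return "-" + acl[("user", "")] + middle + acl[("other", "")] + ("+" if len(acl) > 3 else "")

def inherit(default, mode="rw-rw-rw-"):
    """New file's access ACL: default ACL with user::, mask:: (else group::), other:: ANDed with mode."""
    acl = dict(default)
    middle = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, bits in zip((("user", ""), middle, ("other", "")), (mode[:3], mode[3:6], mode[6:])):
        acl[key] = bit_and(acl[key], bits)
    return acl

if __name__ == "__main__":
    print(ls_mode(parse_acl(ACL_TXT)[0]))
    print(effective(inherit(parse_acl(HELLO_DEFAULT)[1])))
```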

Other applications may or may not have support. Of the ones I tested, gzip, bzip2 and tar don’t have support. Files compressed or tar’ed using these tools lose their ACLs. For tar there is an alternative, star, which does ACLs and a couple of other things (complete Unicode support and unlimited filename length, among others).

For Python lovers (like me) there is a library which can be used to manipulate ACLs from inside an application: pylibacl (Debian users: python-pylibacl).

This has been the exciting world of POSIX Access Control Lists.. See you!

07.12.04

Review: Silent Hill 2 (PC)

Posted in English, Juegos at 11:59 pm by Rodrigo

There are some things which should have never been made.

Luckily, this is not one of those.

This is the sequel to the game which redefined survival horror games.. at least the couple that existed back then when it appeared.

Welcome to Silent Hill.. again.

“In my restless dreams I see that town, Silent Hill..
You promised you’d take me there again someday, but you never did.
Well, I’m alone there now in our ‘special place’, waiting for you..”

This is how the game starts. You read a recent letter from your wife.. your late wife, who died three years ago. A very intrigued James Sunderland (that’s you) travels to Silent Hill to find the author of this letter, but he finds something else.. something disturbing and not entirely human.

The game is very disturbing, especially because of one of your enemies, Pyramid Head. This.. creature, is one of the scariest creations in the history of videogames. When you see him for the first time, it’s behind some steel bars, looking at you, not moving. When you pass again by the bars, he’s not there. So you begin to wonder.. is he hunting me? And that’s when the fear begins to build up.

A very dark scenery, nice ambient sounds (sometimes, good music) and some very well designed monsters make this a very exciting experience. The story is quite good, actually, it’s a masterpiece in the world of games. It’s about love. The endings are excellent. I got the ‘Leave’ ending, where you.. well, play the game and you will know.

I cried.

When you’re playing, the story is unravelling before your eyes. There are clues, pieces of the great jigsaw of Silent Hill 2. They tend to appear more to the end of the game, and finally, in a place of great memories, you get a shocking revelation. The story IMHO, is better than the story of the first Silent Hill. It is not related, save by the town which happens to attract the.. unlucky ones.

I played the PC version which graphically is the best of the three versions (PS2, X-Box and PC). It’s a really good port, not requiring an extremely powerful machine, but with very good graphics nonetheless.

The audio is very good. It makes you very uneasy, and some special effects (like the ones in the Prison) are extremely disturbing and scary.

The gameplay is good. Some people complain about the controls, but you can remap all of them, even to a joystick or gamepad (I played using a PS2 gamepad with a USB connector, no force feedback). The menu is very accessible, and it’s easy to find everything you want. The map is nice, and very necessary, especially in some areas like the Labyrinth (amazing, no? :)).

I find this game better than the original. “Silent Hill” is scary, but in a “this is another world” sense. “Silent Hill 2” is very scary, in a “this is my own world, but something is very wrong here” sense. This makes the experience easy to assimilate, and more successful at making you uneasy.

In conclusion, this game is a must. For survival horror fans, and for people in general. It’s a bit short, but this is compensated by a very high replayability (multiple endings, hidden items and weapons, four difficulty levels) and a powerful story (but you must play it almost to the end to grasp all of it).

  • Game: Silent Hill 2
  • Platform: PC
  • Duration: 6 to 10 hours
  • Graphics: 9/10 (very good graphics)
  • Audio: 9/10 (nice audio.. disturbing)
  • Gameplay: 7/10 (some weird cameras, too simple fighting system)
  • Replayability: 10/10 (short games, a lot of options in each one).
  • Story: 10/10 (beautiful)
  • Overall: 9/10 (great game)