Update instructions for ACLs given recent tunefs, mount changes. Also

note that UFS2 doesn't require explicit extended attribute configuration,
and is recommends for this and other reasons if you plan to use ACLs.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

1 files changed, 33 insertions, 5 deletions

diff --git a/sys/ufs/ufs/README.acls b/sys/ufs/ufs/README.acls
index cd22878..d921bd7 100644
--- a/sys/ufs/ufs/README.acls
+++ b/sys/ufs/ufs/README.acls
@@ -21,14 +21,42 @@ Support for UFS access control lists may be enabled by adding:
 	options UFS_ACL
 
 to your kernel configuration.  As ACLs rely on the availability of extended
-attributes, you must also enable support for extended attributes on the
-underlying filesystem.  Currently, this requires the use of UFS EAs, which
-may be enabled by adding:
+attributes, your file systems must have support for extended attributes.
+For UFS2, this is supported natively, so no further configuration is
+necessary.  For UFS1, you must also enable the optional extended attributes
+support documented in README.extattr.  A summary of the instructions
+and ACL-specific information follows.
+
+To enable support for ACLs on a file system, the 'acls' mount flag
+must be set for the file system.  This may be set using the tunefs
+'-a' flag:
+
+	tunefs -a enable /dev/md0a
+
+Or by using the mount-time flag:
+
+	mount -o acls /dev/md0a /mnt
+
+The flag may also be set in /etc/fstab.  Note that mounting a file
+system previously configured for ACLs without ACL-support will result
+in incorrect application of discretionary protections.  Likewise,
+mounting an ACL-enabled file system without kernel support for ACLs
+will result in incorrect application of discretionary protections.  If
+the kernel is not configured for ACL support, a warning will be
+printed by the kernel at mount-time.  For reliability purposes, it
+is recommended that the superblock flag be used instead of the
+mount-time flag, as this will avoid re-mount isses with the root file
+system.  For reliability and performance reasons, the use of ACLs on
+UFS1 is discouraged; UFS2 extended attributes provide a more reliable
+storage mechanism for ACLs.
+
+Currently, support for ACLs on UFS requires the use of UFS EAs, which may
+be enabled by adding:
 
 	options UFS_EXTATTR
 
-to your kernel.  Because of filesystem mount atomicity requirements,
-it is also recommended that:
+to your kernel configuration file and rebuilding.  Because of filesystem
+mount atomicity requirements, it is also recommended that:
 
 	options UFS_EXTATTR_AUTOSTART