summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/ufs/ufs/README.acls38
1 files changed, 33 insertions, 5 deletions
diff --git a/sys/ufs/ufs/README.acls b/sys/ufs/ufs/README.acls
index cd22878..d921bd7 100644
--- a/sys/ufs/ufs/README.acls
+++ b/sys/ufs/ufs/README.acls
@@ -21,14 +21,42 @@ Support for UFS access control lists may be enabled by adding:
options UFS_ACL
to your kernel configuration. As ACLs rely on the availability of extended
-attributes, you must also enable support for extended attributes on the
-underlying filesystem. Currently, this requires the use of UFS EAs, which
-may be enabled by adding:
+attributes, your file systems must have support for extended attributes.
+For UFS2, this is supported natively, so no further configuration is
+necessary. For UFS1, you must also enable the optional extended attributes
+support documented in README.extattr. A summary of the instructions
+and ACL-specific information follows.
+
+To enable support for ACLs on a file system, the 'acls' mount flag
+must be set for the file system. This may be set using the tunefs
+'-a' flag:
+
+ tunefs -a enable /dev/md0a
+
+Or by using the mount-time flag:
+
+ mount -o acls /dev/md0a /mnt
+
+The flag may also be set in /etc/fstab. Note that mounting a file
+system previously configured for ACLs without ACL-support will result
+in incorrect application of discretionary protections. Likewise,
+mounting an ACL-enabled file system without kernel support for ACLs
+will result in incorrect application of discretionary protections. If
+the kernel is not configured for ACL support, a warning will be
+printed by the kernel at mount-time. For reliability purposes, it
+is recommended that the superblock flag be used instead of the
+mount-time flag, as this will avoid re-mount isses with the root file
+system. For reliability and performance reasons, the use of ACLs on
+UFS1 is discouraged; UFS2 extended attributes provide a more reliable
+storage mechanism for ACLs.
+
+Currently, support for ACLs on UFS requires the use of UFS EAs, which may
+be enabled by adding:
options UFS_EXTATTR
-to your kernel. Because of filesystem mount atomicity requirements,
-it is also recommended that:
+to your kernel configuration file and rebuilding. Because of filesystem
+mount atomicity requirements, it is also recommended that:
options UFS_EXTATTR_AUTOSTART
OpenPOWER on IntegriCloud