Linux trustees (ACL) project

Project in brief

The main goal is to create an advanced permission management system for Linux. The UNIX permission system is not suitable for some very common tasks. For example, suppose a system administrator wants to create a directory that is available to some groups in write mode and to other groups in read-only mode, and the files in the directory and its subdirectories should inherit the parent's behaviour unless stated otherwise explicitly. Using the standard UNIX (and Linux) security model it is, generally speaking, impossible to implement a situation in which different groups have read/write and read-only permissions on the same directory. This issue can be resolved by the ext2-fs ACL project, but the problem is that nobody wants to copy the mask or ACLs from the parent directory to subdirectories, either by hand or using special scripts.

The approach

The solution proposed is mainly inspired by the Novell Netware approach and the Java security API.
Special objects (called trustees) can be bound to any file or directory. A trustee object means that access to a file, or to a directory, or to a directory with its subdirectories, is granted (or denied) to a certain user or group (or to all except that user or group).

How the permissions are calculated

In short, the following rights are used in trustee objects:

  Symbol  Meaning
  R       Read files
  W       Write files and directories
  B       Browse (like UNIX execute for directories)
  E       rEad directories
  X       eXecute files
  U       Use UNIX permissions

Modifiers:

  Symbol  Meaning
  C       Clear the permissions (instead of setting them)
  D       Deny access (instead of granting it)
  !       The trustee object applies to all except the user or group
  O       One level. The trustee object applies to the directory and the files in it, not to subdirectories

The trustee objects are stored in kernel memory (I hope that even if somebody has thousands of trustees it will still be OK), which allows very quick lookup.
The permission to access a file (or directory) is calculated using the following algorithm:

Note that string names (not inode numbers) are stored in trustee objects, so the trustee system works regardless of mount points, filesystem types etc.

User level program and configuration file

A user level program, settrustee, reads the permissions database /etc/trustee.conf and loads it into the kernel. It should be scheduled for execution at system startup and after every modification of /etc/trustee.conf (with the -d option).
The format of /etc/trustee.conf is as follows:
Each line is either a comment (a line starting with #) or a set of trustee objects for a file or a directory. In the latter case the line has the following format:
<File or directory name>:<trustee object info>:.....:<trustee object info>
The leading / in file names is mandatory, double / are prohibited, and trailing slashes are not recommended. <Trustee object info> is
<User or group information>:<Rights mask>
<User or group information> is either a
Examples:
# Allows access for a very trusted user to the whole filesystem
/:very_trusted_user:RWEBX
# Denies access to the secret directory for most of the users and
# clears the access granted before
# (the rights of very_trusted_user are then calculated using UNIX permissions);
# if very_trusted_user is a member of +most_of_users_group,
# access is denied.
/top_secret_path:+most_of_users_group:DRWEBX:very_trusted_user:CRWEBX
# Deny access to all except the trusted group
/another_path:+trusted_group:D!RWEBX
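To make the rights table, the modifiers and the configuration format above concrete, here is a small added model of /etc/trustee.conf written for this page; it is not the project's settrustee or kernel code. It parses config lines into trustee objects, checks which objects apply to a given path (honouring the O one-level modifier and inheritance into subdirectories) and to a given user or group (honouring + for groups and ! for "all except"), and then evaluates them. The evaluation order is an assumption made here, since the page does not spell out the kernel's algorithm: parent directories are applied before children and objects on one line in the order written; grants accumulate, D adds to a denied set, C removes earlier grants. An empty result means "fall back to UNIX permissions". The sample config is the page's own example.

```python
"""Constructed model of the /etc/trustee.conf format (not the project's code)."""
from dataclasses import dataclass

RIGHTS = set("RWBEXU")      # R W B E X U from the rights table
MODIFIERS = set("CD!O")     # Clear, Deny, all-except, One level

# Sample configuration taken from the page's examples
SAMPLE_CONF = """\
# Allows access for a very trusted user to the whole filesystem
/:very_trusted_user:RWEBX
/top_secret_path:+most_of_users_group:DRWEBX:very_trusted_user:CRWEBX
/another_path:+trusted_group:D!RWEBX
"""


@dataclass
class Trustee:
    path: str
    subject: str          # user name, or "+group" for a group
    rights: frozenset
    clear: bool = False   # C
    deny: bool = False    # D
    negate: bool = False  # !: applies to everyone except subject
    one_level: bool = False  # O

    def applies_to_subject(self, user, groups):
        if self.subject.startswith("+"):
            hit = self.subject[1:] in groups
        else:
            hit = self.subject == user
        return (not hit) if self.negate else hit

    def applies_to_path(self, path):
        if path == self.path:
            return True
        base = self.path.rstrip("/") + "/"   # "/" stays "/"
        if not path.startswith(base):
            return False
        if self.one_level:
            # O: only the directory itself and entries directly in it
            return "/" not in path[len(base):]
        return True  # inherited by all subdirectories


def parse_mask(mask):
    """Split a rights mask like 'D!RWEBX' into rights and modifiers."""
    rights, mods = set(), set()
    for ch in mask:
        if ch in RIGHTS:
            rights.add(ch)
        elif ch in MODIFIERS:
            mods.add(ch)
        else:
            raise ValueError(f"unknown right or modifier {ch!r} in {mask!r}")
    return frozenset(rights), mods


def parse_line(line):
    """Return the trustee objects on one config line (none for comments)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    fields = line.split(":")
    path, rest = fields[0], fields[1:]
    if not path.startswith("/") or "//" in path:
        raise ValueError(f"bad path {path!r}: must start with / and not contain //")
    if not rest or len(rest) % 2:
        raise ValueError(f"expected <subject>:<mask> pairs in {line!r}")
    objs = []
    for subject, mask in zip(rest[0::2], rest[1::2]):
        rights, mods = parse_mask(mask)
        objs.append(Trustee(path, subject, rights,
                            clear="C" in mods, deny="D" in mods,
                            negate="!" in mods, one_level="O" in mods))
    return objs


def parse_conf(text):
    objs = []
    for line in text.splitlines():
        objs.extend(parse_line(line))
    return objs


def evaluate(trustees, path, user, groups=()):
    """Assumed ordering: parents before children, line order within a path.
    Returns (granted, denied); both empty means use UNIX permissions."""
    granted, denied = set(), set()
    for t in sorted(trustees, key=lambda t: len(t.path)):  # stable sort
        if not (t.applies_to_path(path) and t.applies_to_subject(user, groups)):
            continue
        if t.clear:
            granted -= t.rights
        elif t.deny:
            denied |= t.rights
        else:
            granted |= t.rights
    return frozenset(granted - denied), frozenset(denied)


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print(evaluate(conf, "/home/x", "very_trusted_user"))
    print(evaluate(conf, "/top_secret_path/f", "very_trusted_user", ("most_of_users_group",)))
```

Running the block on the sample config reproduces the outcomes the comments in the examples describe: very_trusted_user has RWEBX everywhere except under /top_secret_path, where the C object clears the earlier grant (falling back to UNIX permissions), and where the D object denies everything if the user is also in most_of_users_group; under /another_path everyone outside trusted_group is denied.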

Status

This code was carefully tested by the author and has been in production use for more than 2 months. At least a hundred people have downloaded this code. The author received some positive feedback. No bugs have been found for at least a couple of months. So, the code is considered stable.

Quick start

The patch provided can be applied to any 2.2.X or 2.3.X kernel. cd to /usr/src and:
patch -p0 <trustees.XX.patch
cd linux
make xconfig (or menuconfig, or config)
Answer Yes to the CONFIG_TRUSTEES question (in the Filesystems section)
make dep; make install; make modules; make modules_install
Create the file /etc/trustee.conf
Put settrustee in a startup script.
Reboot the system

Download

Contacting the author

Please report bugs and successful testing to zavadsky@mzor.com.

Personal message from the author:

Hi everybody. My name is Vyacheslav Zavadsky. I live in Minsk, Belarus (former USSR). I am looking for contracts for off-shore software development. I can do well C/C++/Java/Perl server-side programming, internet programming, high tech programming (I mean complex data structures, algorithms, mathematics etc.) and scientific programming. My resume as an internet programmer can be found here.

Contributions welcomed

User contributed software