implementing access control lists in 4.2bsd

Jeff Glass jjg at linus.UUCP
Sun Jun 16 14:12:59 AEST 1985


I would like to ask for your comments on a mod I made recently
on our 4.2bsd system (on a 750).

since here at MITRE we have many users who are also Multics users,
a frequent disparagement of UNIX is that it only has owner-group-other
control on files, whereas Multics has access control lists, which are
much more flexible.

so, I implemented access control lists in UNIX.  the implementation allows
up to 8 entries in an access control list.  an entry may be either for
a specific user or group.  the user or group may be granted any (or none)
of the read-write-execute permissions.  the owner of the file (or the
superuser) can set the access control list.

this is in addition to the conventional user-group-other control. 
the chmod system call and program are unchanged.

the changes to the kernel were very minor:  two new system calls were
added to get and set the access control list for a file;  the access()
routine was modified to use the access control list in addition to the
user-group-other control;  and the routines to create files and
directories were trivially modified to clear the access control list
for the new file.  also, the login program was modified to clear the
acl on the terminal line.

the access control list is stored in the inode, in what was the
ic_spare field.  I know that this is reserved for future use, but this
was an experiment, so I felt that I could try it and see how it works.
anyway, I don't know what I would have to do to increase the inode size.

this has been running at our site for a month, with good results.
no problems have been found yet.

if you are interested, I would be glad to send you the diffs to the
kernel code and the sources of the programs to list and modify the
access control lists of files.  in any case, I would like to hear your
comments and suggestions.

/jeff

  security!jjg at mitre-bedford.ARPA				(MIL)
 {allegra,ihnp4,utzoo,philabs,uw-beaver}!linus!security!jjg	(UUCP)
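
The access check described in the message above, as an added user-space C sketch; it is not Jeff Glass's kernel code, and it does not reproduce how the list is packed into the inode. Assumptions: the struct layout and every name here (acl_entry, file_meta, cred, acl_set, acl_access) are hypothetical, and the list is treated as additive, so an entry can only widen what the owner-group-other bits grant (under that reading an entry granting "none" has no effect; the message does not say how such an entry behaves).

```c
#include <stddef.h>
#include <string.h>
#define ACL_MAX 8                 /* the message's limit: 8 entries per file */
enum { P_X = 1, P_W = 2, P_R = 4 };
enum acl_kind { ACL_UNUSED = 0, ACL_USER, ACL_GROUP };
struct acl_entry { enum acl_kind kind; unsigned id, perms; };
struct file_meta {                /* hypothetical stand-in for the inode */
    unsigned uid, gid, mode;      /* mode: low 9 bits, rwxrwxrwx */
    struct acl_entry acl[ACL_MAX];
};
struct cred { unsigned uid; const unsigned *groups; size_t ngroups; };

static int in_group(const struct cred *c, unsigned gid)
{
    size_t i;
    for (i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return 1;
    return 0;
}

/* Conventional check: exactly one of owner, group, other applies. */
static unsigned mode_perms(const struct file_meta *f, const struct cred *c)
{
    if (c->uid == f->uid) return (f->mode >> 6) & 7;
    if (in_group(c, f->gid)) return (f->mode >> 3) & 7;
    return f->mode & 7;
}

/* Only the owner or the superuser may replace the list; n > 8 is rejected. */
int acl_set(struct file_meta *f, const struct cred *c, const struct acl_entry *e, size_t n)
{
    if ((c->uid != 0 && c->uid != f->uid) || n > ACL_MAX) return -1;
    memset(f->acl, 0, sizeof f->acl);   /* same clearing a new file gets */
    if (n) memcpy(f->acl, e, n * sizeof *e);
    return 0;
}

/* Returns 1 if every bit in want is granted (assumed additive semantics). */
int acl_access(const struct file_meta *f, const struct cred *c, unsigned want)
{
    unsigned i, granted = mode_perms(f, c);
    if (c->uid == 0) return 1;          /* superuser bypasses the check */
    for (i = 0; i < ACL_MAX; i++) {
        const struct acl_entry *e = &f->acl[i];
        if ((e->kind == ACL_USER && e->id == c->uid) ||
            (e->kind == ACL_GROUP && in_group(c, e->id)))
            granted |= e->perms & 7;    /* union of all matching entries */
    }
    return (granted & want) == want;
}
```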
