Many large scale data storage systems involve a plurality of users sharing access to objects stored in a file system, including files, folders, directories, programs, processes, etc. Generally, file systems manage access permissions of certain users or groups of users to control the ability of the users or groups to access a file system object. In other words, if a user attempts to access a file system object, the file system determines whether the user is allowed to access the file system object prior to providing access. Many file systems use standard UNIX modes and/or access control lists (commonly referred to as “ACLs”) to manage access to file system objects.
Standard UNIX modes are defined as read (r), write (w), and execute (x). The read modes grants permission to read a file system object, the write mode grants permission to modify a file system object, and the execute mode grants permission to run a file system object. The standard UNIX modes are managed based on three types of classes: owner, group, and other. The owner class applies to the user who owns the file system object, the group class applies to those who are in the group that has been given access to the file, which may include the owner, and the other class applies to all others to whom neither the owner class nor the group class applies. A user, for example the owner, may be part of multiple groups. The standard UNIX modes may be changed with a change mode command or utility (commonly referred to as a “chmod”). While standard UNIX modes are relatively easy to use for individual file system objects, the ability to assign permissions is relatively limited.
ACLs generalize and enlarge this concept by providing fine-grained access control over file system objects. An ACL is a data structure containing zero or more access control entries (commonly referred to as “ACEs”), which define a variety of access rights for various types of users. Stated differently, ACLs are not limited to only the standard read, write, and execute modes or to only the owner, group, and other classes. While ACLs provide greater flexibility in assigning access rights, using ACLs is relatively complex and challenging for a large number of file system objects.
Many file systems utilize a combination of standard UNIX modes and ACLs to manage access to file system objects. However, several difficulties exist with respect to controlling ACL and mode interactions. One such difficulty is preserving an ACL across chmod operations. Some attempts to address this difficulty resulted in the ACL changing in a non-intuitive way, by inserting deny type ACEs that restrict access into the ACL. This caused confusion to users and resulted in interoperability issues between Windows and UNIX users. Many file systems abandoned this approach, opting instead to discard the ACL during a chmod operation. Under this approach, a chmod operation for a file system object deletes any ACL associated with the file system object and replaces the ACL with a trivial ACL derived from the new mode set by the chmod operation. However, it is undesirable and inefficient to delete and replace an ACL entirely upon each chmod operation.
It is with these observations in mind, among others, that various aspects of the present disclosure were conceived and developed.