Computer files may have associated access control data that dictates who is permitted to access the computer files and the type of access (e.g., read, write, execute) that should be provided. An example of access control data is an access control list, which is a data structure that is associated with an object such as a computer file, and that provides user and group rights for the object. Many operating systems, such as variants of Unix and Linux, utilize access control lists that are POSIX-compliant. Other operating systems, such as Microsoft Windows®, also utilize access control lists. Access control data associated with a computer file may be stored at the file system level in what are known as “regular file attributes,” or simply “regular attributes,” of the computer file. Regular attributes may be used by an operating system to, among other things, control access to computer files.
Like regular file attributes, “extended file attributes,” or simply “extended attributes,” may be used to store data associated with a computer file at the file system level. However, extended attributes are more flexible than regular attributes because they may be used to store all sorts of metadata, whereas regular attributes typically are strictly limited to particular data, such as access control data. For example, some operating systems and other computer programs use extended attributes to store information such as an author, a checksum or a character encoding of a computer file.
A network file system, also referred to as a “distributed file system,” enables access to remote computer files. Network file system client computer programs, referred to herein as “network file system clients” or simply as “clients,” execute on computer systems and may be provided with access to computer files on other computer systems over a computer network. In some systems, network file system clients interact with network file server computer programs (referred to herein as “network file servers” or as “file servers”) over the computer network using a protocol in order to obtain access to remote computer files. Exemplary protocols include the Network File System (“NFS”) and Server Message Block (“SMB”), also referred to as the Common Internet File System (“CIFS”).
Network file systems typically use server-side access control data to determine whether a network file system client should be permitted access to a computer file. For example, a network file server may store computer files on an underlying host computer system with access control data contained in regular file attributes associated with the computer files. When the network file server receives a file access request from a network file system client, it may utilize access control data contained in the regular file attributes to determine whether the client should be permitted access to the computer file.