virtualfs 1.43 changes log

virtualfs 1.43 changes log

previous versions: 1.40
Change log index

Enhancements

aclfsd: authentication protocol

Normally, aclfsd is using Unix Credentials learned from the unix domain socket to learn the real user id if the client. An extension to the protocol allows the client to pass the userid and password of another user so it works on his behalf.

This was done for dav_ufs (an Apache mod_dav module used to publish files not normally available to apache).

aclfsd: per user configuration

aclfsd normally uses the /etc/virtualfs/aclfsd.conf configuration file. This file simply provides mappings for aclfs volume and location in the file system.

aclfsd accepts the --config command line option, allowing one to use a different configuration file. If this option starts with the | character (pipe), aclfsd assumes it is a command and will execute it whenever a new user connects. Further, the command is parsed for special tokens. They are replaced like this:

The command should produce mappings more appropriate, making life easier for the user (and somewhat enhance the security).

For example, a normal aclfsd file would look like

	home	/home

A user using the home volume would see all homes and would have to select the proper one. A special script may be written to provide a mapping directly associated with the user. This means that two users accessing the same aclfs volume may end up in two different places without knowing.

libaclfs: new

The virtualfs plug-gin aclfs is now available as a library so aclfs client may be written. The library is called libaclfs and all function are named with the aclfs_ prefix.

This was done for the dav_ufs project (webdav using aclfsd to access files).

Preserving the user identify in created files and directories

The "create-file-mode" and "mkdir-mode" allows one to override how files and directories are created. It is sometime necessary to override only the user or group and preserve the identity of the user doing the creation.

The keyword $SELF may be used to reference the original user. The following example creates files own by group ftp, but preserves the user.

	create-file-mode $SELF,ftp,0644;

Bug fixes

Man page acl.5 renamed to aclfile.5

Another package was supplying a different file with this name.