[trustees] Subversion trunk

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hey all,

I just synced up the public tree with my changes.  I have tested them a 
bit, and it seemed to work.  At the very least I made it through a 
backup with no problem (which used to crash trustees 90% of the time 
back at the beginning).  The changes include:

1. Significant speed increases on deeply nested directories.

2. Hard links/renames of hardlinked files can occur when under the same 
trustee.  If I just have a /home trustee, anyone can make hardlinks 
anywhere within /home.  If I have a /home trustee and a /home/andy 
trustee, I can not make a hardlink between files in those two 
directories since this could cause a elevation of permissions.

Rob, this should hopefully take care of the postfix problem.

Read on for more detailed information on the changes or just headover to 
http://www.aeruder.net/subversion.php for instructions on how to sync to 
the trustees trunk.

Feedback would be greatly appreciated and I will be doing additional 
testing and working out some other issues yet this week,

Andy

... detailed explanation ...

A fix to prevent DOS's.  This can slow down the permission checking 
slightly in some cases, but not by much.  Generally what trustees does 
is anytime it needs to check a permission it grabs the entire filename 
of the file (relative to the device).

Something like

/home/andy/Project/Archives/svn/

Then it will null out one / at a time starting with the 2nd.  So it'll check

/
/home
/home/andy

Building up the trustees mask.  However, imagine you have users that are 
doing things like

while true ; do
   mkdir a
   cd a
done

You should try this sometime, trustees gets reallly really slow on 
deeply nested directories.

/home/andy/a/a/a/a/a/a/a/a/a//a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a

Now, however, trustees keeps track of the deepest trustee and only 
calculates filenames to that depth and only processes that deep.  At 
least in my experience, trustees ACLs are generally fairly shallow due 
to their recursive nature.  This should really speed up trustees in many 
cases.

The other change is that it keeps track of the deepest trustee that 
affects a file.   So if I do a lookup on /home/andy/Project, I will get 
/home as being the last trustee that took affect on the path.  Now, when 
I make a hardlink, I lookup the deepest trustee on both of them, if they 
match, the hard link goes through.  In short, hard links (and renames of 
hardlinked files) should be much smarter now and hopefully this will fix 
the postfix problems.