Implementation of filesystem (and) permissions

Question

I am trying to understand the way the filesystem and the kernel are related, and how they work together, specifically regarding the permissions.

(I know that, in fact, the filesystem is running in kernel space, but in this context I consider them as two separates entities.)

When Bob (UID=1001, GID=1001, groups="humans, minor") tries to read "file.txt" which is, let's say, "rwx r-- --x" with "owner = Alice" and "group owner = minor" -- which one, of the kernel and the filesystem, permits access?

Does the filesystem have a function taking as parameters the entire list of Bob's groups, Bob's UID and other stuff sent by the kernel (which would allow the filesystem to determine whether Bob can or cannot read the targeted file)?

Furthermore, if this is the way it works -- how does the kernel know the data the filesystem needs for extended/special attributes? In the case of synology extended attributes (ext4/btrfs) for example.

Many thanks for any help / resources to read.

Answer 1

Good day to you!

In my opinion -- when the Kernel receives a request from a User (for example, to open a file), it then analyses the User's access rights. If they are correct -- the Kernel manages the hardware to provide the User with the requested data.

In a context of a computer system (consisting of a Kernel and a File-System; also including hardware to input, to store and to output the data), the File-System itself has no possibility of making decisions (like the Kernel do); it is just an informational structure, written in a manner defined by the rules of operating it (to which the Kernel must have an access, in order to interact correctly; these rules may be stored in the Kernel). So, the Kernel makes decisions on providing access (and if it is to fulfil the request, the Kernel operates the data). And the File-System is a set of both stored data on some hardware, and a software part (as the instructions to the Kernel: how to manipulate the hardware's physical layer and, maybe, how to decide on access-providing on a logical layer); but the decisive role, again, is up to the Kernel (which must accord to all the provided rules).

This variant is just a variant, and it may vary in various operating system realizations. I don't know, in which of them it is implemented (whether this is OS "Linux" or OS "Windows" approach, or maybe not).

And for example, if we describe a remote cloud-storage to which the User connects -- this storage (something in it that acts as a described Kernel; maybe, its Kernel) decides whether to grant the access or not; and the local Kernel acts as a User, to which the remote system is like a Kernel.

Also, I saw a similar (or relative) question here, on "Stack Overflow", too: What does opening a file actually do? -- maybe, there you will find some additional information.