List: linux-coda
Subject: Re: Coda files owner and access bits
From: Ivan Popov <pin () math ! chalmers ! se>
Date: 2003-04-09 7:39:50
Hello,

I've got some more insight into the access control issue by reading an AFS2
paper (thanks Satya!) and testing Coda behaviour. As I missed these
details for several years :) I think it is useful to summarize here.

A positive discovery (Jan opened my eyes) was that Coda has some access
control at the file level, besides the directory-bound acls. The "owner"
access bits are actually used, not only stored and retrieved. These bits
effectively mask the read and write rights on a file-by-file level.

The negative side is that this access control is implemented independently
of, and with different semantics than, the main acl-based one.

- it is enforced by venus on the client side, hence does not protect against
  malicious clients; on a global filesystem it just creates a false feeling
  of safety
  ==> is it hard to let the *server* respect the r- and w- access bits?
- the right to change the bits by chmod() is for some reason bound to the "w"
  privilege in acls, not to "a" as would seem logical
  ==> what is that reason?

Note also that though the bits used are the unix "file owner" ones, their
function has nothing to do with who is the "file owner".

If a bit is set, it does not influence the rights granted by acls.
If a bit is unset, it prevents the corresponding access for *all*.

Best regards,
--
Ivan
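
[Added example, not part of the original message and not Coda code: a small model of the semantics described above, showing which accesses are refused only by a cooperating client. The function names, the sample cases and the use of the "rlidwka" ACL right letters are assumptions made for illustration.]

```python
import stat

# Owner bits the message says are enforced. Everything here is a model of the
# behaviour described in the message, not Coda source code.
OWNER_BIT = {"r": stat.S_IRUSR, "w": stat.S_IWUSR}


def server_allows(acl_rights: str, mode: int, op: str) -> bool:
    """Server-side decision as described: only the directory ACL counts."""
    return op in acl_rights


def venus_allows(acl_rights: str, mode: int, op: str) -> bool:
    """Client-side (venus) decision: ACL right masked by the file's owner bit.

    A set bit adds nothing to the ACL; an unset bit denies the access to all.
    """
    return op in acl_rights and bool(mode & OWNER_BIT[op])


def chmod_allowed(acl_rights: str) -> bool:
    """Per the message, changing the bits needs "w" in the ACL, not "a"."""
    return "w" in acl_rights


def enforcement_gaps(cases):
    """Return the cases a well-behaved client refuses but the server accepts.

    These are the accesses protected only by client cooperation.
    """
    return [c for c in cases if server_allows(*c) and not venus_allows(*c)]


# Constructed sample: (user's ACL rights on the directory, file mode, operation)
CASES = [
    ("rl",      0o600, "r"),  # read right, r bit set
    ("rl",      0o200, "r"),  # read right, r bit cleared
    ("rlidwk",  0o400, "w"),  # write right, w bit cleared
    ("rl",      0o600, "w"),  # no write right, w bit set
    ("rlidwka", 0o000, "r"),  # full rights, both bits cleared
]

if __name__ == "__main__":
    for acl, mode, op in CASES:
        print(f"{acl:8} {mode:04o} {op}: venus={venus_allows(acl, mode, op)} "
              f"server={server_allows(acl, mode, op)}")
    print("client-only protection:", enforcement_gaps(CASES))
```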