From: "Bodo Eggert" <7eggert@gmx.de>
Subject: Re: [RFC] FUSE permission modell (Was: fuse review bits)
Date: Tue, 12 Apr 2005 11:17:22 +0200
To: Jamie Lokier, Miklos Szeredi, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, hch@infradead.org, akpm@osdl.org, viro@parcelfarce.linux.theplanet.co.uk

Jamie Lokier wrote:
> Miklos Szeredi wrote:
>>    4) Access should not be further restricted for the owner of the
>>       mount, even if permission bits, uid or gid would suggest
>>       otherwise
>
> Why?  Surely you want to prevent writing to files which don't have the
> writable bit set?  A filesystem may also create append-only files -
> and all users including the mount owner should be bound by that.

That will depend on the situation. If the user is mounting a tgz owned
by himself, FUSE should default to being a convenient hex-editor.
>>    5) As much of the available information should be exported via the
>>       filesystem as possible
>
> This is the root of the conflict.  You are trying to overload the
> permission bits and uid/gid to mean something different than they
> normally do.
>
> While it's convenient to see some "remote" information such as the
> uid/gid in a tar file, are you sure it's a good idea to break the unix
> permissions model - which will break some programs?  (For example, try
> editing a file with the broken semantics in an editor which checks the
> uid/gid of the file against the current user).

The editor will try to keep the original permissions, and saving will be
less effective.

>>    1) Only allow mount over a directory for which the user has write
>>       access (and is not sticky)
>
> Seems good - but why not sticky?  Mounting a user filesystem in
> /tmp/user-xxx/my-mount-point seems not unreasonable - provided the
> administrator can delete the directory (which is possible with
> detachable mount points).

I once mounted a filesystem in ~/tmp after forgetting about it being a
symlink to /tmp/$me/tmp, and I had to promise never to do that again.
Ng zvqavtug, gur pyrnahc-grzc-fpevcg xvpxrq va.

>>    5) The filesystem daemon is free to fill in all file attributes to
>>       any (sane) value, and the kernel won't modify these.
>
> Dangerous, because an administrative program might actually trust the
> attributes to mean what they normally mean in the unix permissions model.

The same risk applies to smbmounted file systems.

Sane daemons will do no check besides matching the owner of a file in the
user's home against the expected UID and checking the permission mask,
since you can't trust users not to mess with files in directories they own.
The "best" they can do should be shooting their own feet.

(If the user doesn't own the directory, FUSE shouldn't mount.)

-- 
Top 100 things you don't want the sysadmin to say:
80. I cleaned up the root partition and now there's LOTS of free space.