From: Michael Tharp <gxti@partiallystapled.com>
To: Marc Perkel <mperkel@yahoo.com>
Cc: alan <alan@clueserver.org>, linux-kernel@vger.kernel.org
Subject: Re: Thinking outside the box on file systems
Date: Wed, 15 Aug 2007 13:30:29 -0400 [thread overview]
Message-ID: <46C33835.90703@partiallystapled.com> (raw)
In-Reply-To: <249938.3918.qm@web52506.mail.re2.yahoo.com>
Marc Perkel wrote:
> That not a problem - it's a feature. In such a
> situation the person would get a general file creation
> error.
Feature or not, it's still vulnerable to probing by malicious users. If
there are create permissions on the directory, the invisibility is not
perfect.
> Although it isn't likely people would structure
> files with invisible files in directories that the
> user has create permissions [...]
... /tmp ...
> [...] it is logical that if I
> put a file in a place where the user has no rights I
> want it to stay there. Currently the user can delete
> files where they have no rights.
Indeed. The sticky bit works around this, but IMHO it's a hack.
> I might also want to restrict the kind of a user can
> createor give permission to create only certian file
> names.
>
> /etc/vz/conf/*.conf - create - readonly - self-rw
> /etc/vz/conf - deny
>
> This would allow the user to read all *.conf files,
> create new *.conf files, and full permissions to
> read/write/delete files that the user created but not
> files that others created. If listing a directory then
> only the *.conf files would appear even if other files
> are in the directory.
It'd be interesting to find a use case for this, but that's no reason
not to provide the functionality.
> Marc Perkel
> Junk Email Filter dot com
> http://www.junkemailfilter.com
-- m. tharp
next prev parent reply other threads:[~2007-08-15 17:31 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-14 22:45 Thinking outside the box on file systems Marc Perkel
2007-08-14 22:51 ` alan
2007-08-15 13:02 ` Michael Tharp
2007-08-15 13:30 ` Lennart Sorensen
2007-08-15 13:53 ` Kyle Moffett
2007-08-15 15:14 ` Michael Tharp
2007-08-15 16:36 ` Marc Perkel
2007-08-15 17:17 ` Kyle Moffett
2007-08-15 17:30 ` Marc Perkel
2007-08-15 18:22 ` Craig Ruff
2007-08-15 20:35 ` Marc Perkel
2007-08-16 11:27 ` Helge Hafting
2007-08-15 16:02 ` Marc Perkel
2007-08-15 16:57 ` Valdis.Kletnieks
2007-08-15 17:09 ` Marc Perkel
2007-08-15 17:22 ` Kyle Moffett
2007-08-15 17:34 ` Marc Perkel
2007-08-18 23:27 ` Alan
2007-08-18 23:26 ` Alan
2007-08-19 2:03 ` david
2007-08-19 2:57 ` Al Viro
2007-09-01 23:20 ` Oleg Verych
2007-08-15 19:20 ` Lennart Sorensen
2007-08-16 23:12 ` H. Peter Anvin
2007-08-15 16:58 ` Kyle Moffett
2007-08-15 17:19 ` Marc Perkel
2007-08-15 17:37 ` Kyle Moffett
2007-08-15 17:59 ` Marc Perkel
2007-08-15 19:26 ` Lennart Sorensen
2007-08-15 20:11 ` Kyle Moffett
2007-08-15 20:44 ` Marc Perkel
2007-08-15 21:04 ` Lennart Sorensen
2007-08-16 11:42 ` Helge Hafting
2007-08-16 12:09 ` linux-os (Dick Johnson)
2007-08-15 17:34 ` Phillip Susi
2007-08-15 17:53 ` Kyle Moffett
2007-08-15 18:05 ` Marc Perkel
2007-08-15 18:14 ` Kyle Moffett
2007-08-15 20:20 ` Marc Perkel
2007-08-15 20:43 ` Phillip Susi
2007-08-15 20:50 ` Marc Perkel
2007-08-15 21:20 ` Valdis.Kletnieks
2007-08-15 22:48 ` Marc Perkel
2007-08-16 3:42 ` Valdis.Kletnieks
2007-08-15 20:38 ` Phillip Susi
2007-08-15 21:17 ` Kyle Moffett
2007-08-15 22:14 ` Phillip Susi
2007-08-16 4:44 ` Kyle Moffett
2007-08-16 15:09 ` Phillip Susi
2007-08-16 15:29 ` Valdis.Kletnieks
2007-08-16 17:28 ` Phillip Susi
2007-08-16 17:31 ` Valdis.Kletnieks
2007-08-16 22:03 ` Phillip Susi
2007-08-16 23:17 ` Kyle Moffett
2007-08-17 4:24 ` Marc Perkel
2007-08-17 4:52 ` Valdis.Kletnieks
2007-08-17 15:19 ` Phillip Susi
2007-08-17 15:39 ` Valdis.Kletnieks
2007-08-17 19:01 ` Phillip Susi
2007-08-18 5:48 ` Kyle Moffett
2007-08-18 16:45 ` Marc Perkel
2007-08-18 18:19 ` Al Viro
2007-08-19 4:07 ` Marc Perkel
2007-08-20 7:05 ` Nix
2007-08-20 7:47 ` Brennan Ashton
2007-08-20 11:18 ` Marc Perkel
2007-08-20 13:32 ` linux-os (Dick Johnson)
2007-08-20 15:25 ` Lennart Sorensen
2007-08-20 15:26 ` Helge Hafting
2007-08-20 19:52 ` Nix
2007-08-20 16:21 ` [OT] " Randy Dunlap
2007-08-20 16:20 ` Xavier Bestel
2007-08-20 14:29 ` Phillip Susi
2007-08-20 15:13 ` Lennart Sorensen
2007-08-20 14:24 ` Phillip Susi
2007-08-15 22:40 ` Marc Perkel
2007-08-15 17:54 ` Marc Perkel
2007-08-15 17:02 ` Marc Perkel
2007-08-15 17:30 ` Michael Tharp [this message]
2007-08-15 17:51 ` Marc Perkel
2007-08-15 20:02 ` Yakov Lerner
-- strict thread matches above, loose matches on Subject: below --
2007-08-15 7:49 Tim Tassonis
2007-08-15 18:23 Brian Wheeler
2007-08-20 11:54 Tim Tassonis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46C33835.90703@partiallystapled.com \
--to=gxti@partiallystapled.com \
--cc=alan@clueserver.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mperkel@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).