[OpenAFS] File ownership/permissions semantics
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 31 Oct 2006 16:32:42 -0500
On Monday, October 30, 2006 07:12:10 PM -0500 Derek Atkins
<warlord@MIT.EDU> wrote:
> It's a security hole to allow anyone with write access to gain
> administrative privileges just through "mkdir".
Well, you only gain bits with respect to the thing you created, so no,
that's not really a hole. However, there are plenty of people who don't
like that behavior, and apparently one of them decided to "fix" it by
removing implicit admin access for directory owners (looking at the
history, it appears this was
fileserver-no-implicit-a-for-directory-owners-20020612, written by probe
and committed by zacheiss). Note that this change never appeared on the
1.2.x branch, but has always been present in 1.4.
The solution CMU settled on many years ago was to require both 'i' and 'w'
to create subdirectories; this allowed you to have a dropbox where anyone
could create a file without also letting people create private directories
and steal quota. This feature can be turned on by compiling with
-DDIRCREATE_NEED_WRITE, though there is no configure switch for that and it
won't restore the implicit-admin behavior.
> I do not believe there is a compilation flag to revert
No, there is not; the code to do this just isn't there any more.
-- Jeff