[AFS3-std] "l" permissions are not actually weaker than we're telling people

Derrick Brashear shadow@gmail.com
Mon, 18 Jan 2010 15:10:15 -0500


On Mon, Jan 18, 2010 at 2:32 PM, Derrick Brashear <shadow@gmail.com> wrote:
> On Mon, Jan 18, 2010 at 2:26 PM, Adam Megacz <adam@megacz.com> wrote:
>>
>> Jeffrey Altman <jaltman@secure-endpoints.com> writes:
>>> One of the reasons for this approach is that file servers do not process
>>> paths when responding to the cache manager requests.
>>
>> I was actually stunned by this when I read vnode.c/viced.c... apparently
>> RENAME is the only operation that walks to the root of the directory
>> hierarchy (because the fileserver must guard against cyclic directory
>> paths). Surprising!
>>
>> Does this mean that if we have a setup like this:
>>
>>    mkdir foo
>>    fs sa foo system:anyuser rlidw
>>    mkdir foo/bar
>>    fs sa foo system:anyuser none
>>
>> That anonymous users can access "foo/bar/", so long as they know the FID
>> for "bar" -- either because the fourth command wasn't executed
>> immediately after the third, or else because they were simply patient
>> enough to guess it?
>
> Doesn't mean that in the slightest. Note that foo/bar/ is a directory
> and not actual data, but the case is the same regardless.
> Permissions are enforced for every vnode. Look at
> Check_PermissionRights in afsfileprocs.c

Actually, reading that again, it means what you said, I think.

The ACL on a directory conveys the rights it conveys. Don't set the
ACL on a directory to something you don't mean. Nothing else is
advertised.
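
Added example, not part of the original message and not OpenAFS code: a simplified Python model of the behaviour discussed in this thread, where a new directory copies its parent's ACL once and later checks consult only the target vnode, plus an audit pass that flags subdirectories granting rights an ancestor no longer grants. The names `Dir`, `allowed`, `audit` and `demo` are hypothetical, and the rights handling is reduced to plain strings.

```python
# Simplified model (assumption, not fileserver code): ACLs live on directory
# vnodes, mkdir copies the parent's ACL once, checks look only at the target.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Dir:
    name: str
    parent: Optional["Dir"] = None
    acl: dict = field(default_factory=dict)       # principal -> rights string
    children: dict = field(default_factory=dict)

    def mkdir(self, name):
        # The child gets a copy of the parent's ACL at creation time only.
        child = Dir(name, parent=self, acl=dict(self.acl))
        self.children[name] = child
        return child

    def set_acl(self, principal, rights):
        # Like "fs sa": changes this directory only; "none" removes the entry.
        if rights == "none":
            self.acl.pop(principal, None)
        else:
            self.acl[principal] = rights

    def path(self):
        return self.name if self.parent is None else self.parent.path() + "/" + self.name

def allowed(d, principal, right):
    # Per-vnode check: no walk toward the root, ancestors are not consulted.
    return right in d.acl.get(principal, "")

def audit(root, principal):
    """Return (path, extra_rights) for each directory granting `principal`
    rights that at least one of its ancestors does not grant."""
    findings = []
    def walk(d, ceiling):
        own = set(d.acl.get(principal, ""))
        if ceiling is not None and own - ceiling:
            findings.append((d.path(), "".join(sorted(own - ceiling))))
        for child in d.children.values():
            walk(child, own if ceiling is None else ceiling & own)
    walk(root, None)
    return findings

def demo():
    # Constructed tree mirroring the four commands quoted in the thread.
    foo = Dir("foo")
    foo.set_acl("system:anyuser", "rlidw")
    bar = foo.mkdir("bar")
    foo.set_acl("system:anyuser", "none")
    return foo, bar
```

On a real cell the equivalent audit would compare `fs la` output for each directory against its ancestors; the model only shows why such a pass is needed after tightening a parent ACL.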