[OpenAFS-devel] thoughts on file ownership in afs

Neulinger, Nathan nneul@umr.edu
Thu, 29 Mar 2001 08:55:25 -0600


What would y'all think of these two changes I'd like to consider making?
Currently, dealing with file ownership (unix owner) in AFS is a problem if
you have multiple ids, particularly for windows users that use stupid
editors that don't overwrite file in place, and instead create a new one
each time. (ultraedit).

Basically, I'd like to consider the following:

	1. Allow any user to change ownership of any file to their own id,
presuming that user has admin rights for the directory containing the file.

Note - given ACLs in afs, I don't see that #1 would be all that significant
of a security concern, but this would make it easy for users to set the
owner of their files back to themselves if they accidentally created it as a
different id.

There should be ZERO security issue from this, as the user could just as
easily mv+cp+rm the file, but that is hardly convenient. 

	2. Provide an addition to the windows right-click popup for AFS to
allow setting unix details, such as group and owner and unix permission
bits.

	3a. Possibly - more useful, but some people don't like this in unix
filesystems - allow users to give away ownership of files in AFS. This is
similar to many unix systems that allow giving away ownership of files. I'm
not certain I like this by itself, what I'd almost prefer is some where for
"fred" to say that "joe" can create files owned by "fred". Definitely more
thought would need to go into this one.

	3b. An alternative - allow any AFS user with admin rights in a
directory to give away ownership of a file, but only to the owner of the
directory containing the file. 

	4. setugid bit on directories. Support for normal unix setgid
functionality to set the group of files created in a dir, and additionally,
support for automatically setting the owner as well. 


The issue with 3,4 is that a user can shoot themselves in the foot by giving
admin rights away to someone else - but the thing is, they can do that
anyway in other places.

I think some combination of the above would make certain file management
issues a lot easier when in a mixed unix/nt environment, particularly when
ownership/permission bits actually matter.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216
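
The ownership rules proposed in items 1 and 3b above, written out as a decision function. This is an added sketch, not OpenAFS code and not part of the original message; the struct layout, the rights bitmask, the policy flags and the user ids are all assumptions made for illustration, and group and negative ACL entries are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical model, not OpenAFS source: every name and value is assumed. */
#define RIGHT_ADMIN 0x40u              /* stands in for the AFS "a" right */
enum { POLICY_1 = 1, POLICY_3B = 2 };  /* proposals 1 and 3b from the message */

struct acl_entry { int id; unsigned rights; };
/* owner: unix owner of the directory; acl: positive user entries only */
struct dir { int owner; const struct acl_entry *acl; size_t nacl; };

/* Constructed sample: fred (1001) owns the directory, joe (1002) has admin
 * rights on it, ann (1003) is on the ACL without the admin right. */
static const struct acl_entry sample_acl[] = {
    {1001, 0x7fu}, {1002, 0x7fu}, {1003, 0x03u}
};
static const struct dir sample_dir = { 1001, sample_acl, 3 };

/* Rights the caller holds on the directory. Groups and negative entries
 * are left out of this model. */
static unsigned dir_rights(const struct dir *d, int caller)
{
    unsigned r = 0;
    for (size_t i = 0; i < d->nacl; i++)
        if (d->acl[i].id == caller)
            r |= d->acl[i].rights;
    return r;
}

/* Decide a chown request for a file inside 'parent'. */
bool may_chown(const struct dir *parent, int caller, int new_owner,
               unsigned policies)
{
    if (!(dir_rights(parent, caller) & RIGHT_ADMIN))
        return false;                /* both proposals require admin */
    if ((policies & POLICY_1) && new_owner == caller)
        return true;                 /* 1: take ownership yourself */
    if ((policies & POLICY_3B) && new_owner == parent->owner)
        return true;                 /* 3b: give to the directory owner */
    return false;                    /* any other target is refused */
}

int main(void)
{
    printf("joe->joe: %d\n", may_chown(&sample_dir, 1002, 1002, POLICY_1));
    return 0;
}
```

The decision depends only on the ACL and owner of the containing directory, never on the file's current owner, which matches the mv+cp+rm equivalence argued in the message.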