[OpenAFS-devel] posix chown again

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 20 Oct 2008 10:22:07 -0400


--On Monday, October 20, 2008 09:51:15 AM -0400 Michael Meffie 
<mmeffie@sinenomine.net> wrote:

> Since the C acl is documented as having no default meaning,
> this is conditionally compiled into the fileserver with
> the --enable-posix-chown option (disabled by default).

As discussed at the recent hackathon, the bit to be used should be 
determined at configure time, rather than being hard coded.  This allows 
sites that wish to use this feature to map it onto an ACL bit they are not 
already using.  Thus, one would have to configure with an option like 
--enable-posix-chown=C (with legal values being [ABCDEFGH] and "no", and 
maybe even 'a' or 'w', but not "yes").



> I have been running this patch against the following tests,
>
>   1. Regular users may change ownership of owned files and directories
>      when the w and C ACLs are set.
>
>   2. Regular users may not steal ownership of files or directories
>      (regardless of acls).
>
>   3. Regular users may change group ownership of owned files when the w
>      and C ACLs are set.
>
>   4. Setuid and Setguid mode bits are cleared when a regular user
>      changes ownership or group ownership of a file.

How about:

5. Regular users may _not_ change ownership of any files or directories
when the C ACL bit is not set.


> Finally, there is an oddity in the current Update_TargetVnodeStatus()
> function.  It seems the original intent of the code was to disallow non-admin
> users to set the suid/sgid bits. However, the current implementation
> also clears the sticky bit.  Is that a code error, or was
> disallowing setting of the sticky bit intentional?

It is intentional; the sticky bit has various effects, depending on the 
client platform, which administrators may not want to make available to 
ordinary users.  The question of whether the fileserver should continue to 
disallow ordinary users setting this bit is one on which we need to have a 
separate discussion.

-- Jeff
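Added example, not OpenAFS code: a small Python model of the chown rules as stated in this thread (a configure-time ACL bit, the ownership check, suid/sgid clearing on chown, and the non-admin mode-bit stripping in Update_TargetVnodeStatus()), so that the five test cases can be expressed as checks. The `Vnode`, `may_chown`, `chown` and `set_mode` names and the principal-name representation are assumptions.

```python
# Added example, not OpenAFS code: a Python model of the chown rules
# discussed in this thread. Names (Vnode, may_chown, ...) are assumptions.
from dataclasses import dataclass

S_ISUID, S_ISGID, S_ISVTX = 0o4000, 0o2000, 0o1000
SPECIAL_BITS = S_ISUID | S_ISGID | S_ISVTX


@dataclass
class Vnode:
    owner: str   # owning principal (assumed representation)
    group: str
    mode: int


def may_chown(caller, vnode, acl_rights, chown_bit="C", is_admin=False):
    """Return True if caller may change the owner/group of vnode.

    acl_rights: set of ACL letters the caller holds on the parent directory.
    chown_bit: the ACL bit selected at configure time (--enable-posix-chown=C).
    """
    if is_admin:
        return True
    if vnode.owner != caller:      # test 2: ownership cannot be stolen,
        return False               # regardless of ACLs
    # tests 1, 3 and 5: the owner needs both 'w' and the chown bit
    return "w" in acl_rights and chown_bit in acl_rights


def chown(caller, vnode, acl_rights, new_owner=None, new_group=None,
          chown_bit="C", is_admin=False):
    """Apply a chown/chgrp, clearing suid/sgid for non-admin callers (test 4)."""
    if not may_chown(caller, vnode, acl_rights, chown_bit, is_admin):
        raise PermissionError("chown denied")
    if new_owner is not None:
        vnode.owner = new_owner
    if new_group is not None:
        vnode.group = new_group
    if not is_admin:
        vnode.mode &= ~(S_ISUID | S_ISGID)
    return vnode


def set_mode(vnode, new_mode, is_admin=False):
    """Model of Update_TargetVnodeStatus(): non-admins cannot set suid, sgid
    or sticky (the thread confirms clearing the sticky bit is intentional)."""
    if not is_admin:
        new_mode &= ~SPECIAL_BITS
    vnode.mode = new_mode
    return vnode
```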