[OpenAFS-devel] Re: Permission bug?

Andrew Deason adeason@sinenomine.net
Sat, 23 Jan 2010 13:15:16 -0600


On Fri, 22 Jan 2010 09:16:11 -0500
Jeffrey Altman <jaltman@secure-endpoints.com> wrote:

> On 1/22/2010 8:15 AM, Andrew Deason wrote:
> > Being the owner and having 'i' permissions is supposed to give you
> > implicit 'r' and 'w', isn't it? I believe the fileserver lets you do
> > that, and the existing client code certainly tried to allow that.
> 
> The fileserver grants the owner of the file implicit read and write
> privileges because it has no ability to determine when a file was
> created vs. when it was opened.  That information is only available
> to the cache managers.  It is the responsibility of the cache manager
> to enforce insert only semantics on the file.  That means that the cache
> manager must track when a file was created separately from when it
> was opened and only permit the read and write permissions on the file
> to be used in the create case.  Any other behavior is not consistent
> with the 'insert' only privilege.

Why does the fileserver grant implicit read? A dropbox appears to work
at least for a couple of trivial cases when I disable it.

And is this stuff explicitly documented anywhere? The only way I am
getting my ideas on what this is supposed to do is from code, comments,
and the occasional thread on the topic, many of which contradict each
other, which is why this has been so confusing.

-- 
Andrew Deason
adeason@sinenomine.net
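
The split described in the quoted reply (the fileserver always grants an owner holding 'i' implicit read and write, and the cache manager only honours those bits on the handle that created the file), modelled as an added example. This is not OpenAFS code; every name below is hypothetical, and the ACL is reduced to the three rights the thread discusses.

```c
/* Added example: a simplified model, not OpenAFS source. All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum { R_READ = 1, R_WRITE = 2, R_INSERT = 4 };   /* subset of the AFS rights r, w, i */

struct file   { int owner; };
struct handle { const struct file *f; int user; bool created_here; };

/* Fileserver view: it cannot tell a create from a later open, so an owner
 * holding 'i' is always given implicit read and write.
 * acl_rights = what the directory ACL explicitly grants this user. */
static int server_rights(const struct file *f, int user, int acl_rights)
{
    int r = acl_rights;
    if (f->owner == user && (acl_rights & R_INSERT))
        r |= R_READ | R_WRITE;
    return r;
}

/* Cache manager view: the implicit bits only count on the handle returned
 * by the create itself; on any other open only explicit ACL bits apply. */
static bool cm_allows(const struct handle *h, int acl_rights, int want)
{
    int usable = h->created_here
        ? server_rights(h->f, h->user, acl_rights)
        : acl_rights;
    return (usable & want) == want;
}

/* Handle obtained by creating the file; the creator becomes its owner. */
static struct handle cm_create(struct file *f, int user)
{
    f->owner = user;
    return (struct handle){ f, user, true };
}

/* Handle obtained by opening a file that already exists. */
static struct handle cm_open(const struct file *f, int user)
{
    return (struct handle){ f, user, false };
}

int main(void)
{
    struct file f;
    struct handle c = cm_create(&f, 1001), o = cm_open(&f, 1001);
    printf("create handle, write: %d\n", cm_allows(&c, R_INSERT, R_WRITE));
    printf("reopened,      write: %d\n", cm_allows(&o, R_INSERT, R_WRITE));
    printf("reopened,      read:  %d\n", cm_allows(&o, R_INSERT, R_READ));
    return 0;
}
```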