[OpenAFS-devel] Re: Permission bug?

Andrew Deason adeason@sinenomine.net
Sat, 23 Jan 2010 13:25:38 -0600


On Fri, 22 Jan 2010 23:26:41 +0200
Markus Suvanto <markus.suvanto@gmail.com> wrote:

> I have patched openafs-stable-1_4_x with
> http://gerrit.openafs.org/#change,1143 (hopefully),
> but the behaviour is still different than when using the old version.
>
> This is what I want ( 63840e2e57c74c9bd204d130dc8124138e2066fe)
>
> masu 23:15 ~/test >fs la .
> Access list for . is
> Normal rights:
>  masu li
> masu 23:15 ~/test >echo "hello" > file1
> masu 23:15 ~/test >cat file1
> cat: file1: Permission denied
> masu 23:15 ~/test >ls -la
> total 17
> -rw-r--r--   1 masu users     6 Jan 22 23:15 file1

Ah, apologies, I misunderstood your original request. Based on recent
discussions, it doesn't look like what you want the client to do is what
it is supposed to do. In AFS, getting the 'ls -l' information (the stat
data) on a file and reading a file are equivalent, permissions-wise.
That is, doing either one requires the 'r'/read right.

It is _possible_ to make an exception for the 'dropbox' case, and grant
stat() permission to the owner but not let them read the file, since
preventing the owner from reading the file is enforced by the client and
not by the fileserver.

I'm not sure how desirable that is, though, and making even more
special-cases to the dropbox case doesn't sound appealing...

-- 
Andrew Deason
adeason@sinenomine.net