[OpenAFS-devel] Re: Permission bug?

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 25 Jan 2010 16:00:36 -0500


--On Saturday, January 23, 2010 01:15:16 PM -0600 Andrew Deason 
<adeason@sinenomine.net> wrote:

> On Fri, 22 Jan 2010 09:16:11 -0500
> Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>
>> On 1/22/2010 8:15 AM, Andrew Deason wrote:
>> > Being the owner and having 'i' permissions is supposed to give you
>> > implicit 'r' and 'w', isn't it? I believe the fileserver lets you do
>> > that, and the existing client code certainly tried to allow that.
>>
>> The fileserver grants the owner of the file implicit read and write
>> privileges because it has no ability to determine when a file was
>> created vs. when it was opened.  That information is only available
>> to the cache managers.  It is the responsibility of the cache manager
>> to enforce insert only semantics on the file.  That means that the cache
>> manager must track when a file was created separately from when it
>> was opened and only permit the read and write permissions on the file
>> to be used in the create case.  Any other behavior is not consistent
>> with the 'insert' only privilege.
>
> Why does the fileserver grant implicit read? A dropbox appears to work
> at least for a couple of trivial cases when I disable it.

Because conceptually (and with the help of CM's enforcing this), 'i' means 
that you can create a new file and read and write it as much as you want 
until you close it.  It does not mean that the newly-created file is 
write-only.  For that to work, the fileserver must allow the CM to fetch 
chunks that have been pushed out of its cache.

-- Jeff
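
The split of responsibility described in this thread, as an added example that is not part of the original message and is not OpenAFS source: a simplified C model in which the fileserver grants the owner implicit read and write, and the cache manager allows them only on the handle that created the file. All names (server_rights, cm_open, cm_io, cm_close, the R_* bits) are hypothetical.

```c
#include <stdbool.h>

/* Simplified model with hypothetical names; not OpenAFS code. */
enum { R_READ = 1, R_WRITE = 2, R_INSERT = 4 };

struct vnode  { int owner; bool exists; };
struct handle { struct vnode *vn; int user; bool created_here; bool open; };

/* Fileserver view: it cannot tell "just created" from "reopened", so an
 * owner holding 'i' on the directory gets implicit read and write. */
int server_rights(const struct vnode *vn, int user, int dir_acl)
{
    int r = dir_acl & (R_READ | R_WRITE);
    if ((dir_acl & R_INSERT) && vn->exists && vn->owner == user)
        r |= R_READ | R_WRITE;
    return r;
}

/* Cache manager open: creating needs 'i'; opening an existing file needs
 * explicit 'r' or 'w' in the ACL, the implicit owner rights do not count. */
bool cm_open(struct handle *h, struct vnode *vn, int user, int dir_acl, bool create)
{
    h->vn = vn; h->user = user; h->open = false; h->created_here = false;
    if (create && !vn->exists) {
        if (!(dir_acl & R_INSERT)) return false;
        vn->exists = true; vn->owner = user;
        h->created_here = true;          /* remembered until close */
    } else if (!vn->exists || !(dir_acl & (R_READ | R_WRITE))) {
        return false;                    /* dropbox: no reopening */
    }
    h->open = true;
    return true;
}

/* Cache manager I/O: the creating handle may read and write until close,
 * including refetching chunks pushed out of the cache, which works only
 * because server_rights() grants the owner implicit read. */
bool cm_io(const struct handle *h, int dir_acl, int want)
{
    if (!h->open) return false;
    int acl_rw = dir_acl & (R_READ | R_WRITE);
    if ((acl_rw & want) == want) return true;
    return h->created_here &&
           (server_rights(h->vn, h->user, dir_acl) & want) == want;
}

void cm_close(struct handle *h) { h->open = false; h->created_here = false; }
```

With an ACL of 'i' only, the creating handle can read and write until cm_close(); a later cm_open() of the same file by the same user is refused even though the server model would still grant the owner both rights.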