[OpenAFS] Re: directories in afs have "owners"?

Chaskiel M Grundman cg2v@andrew.cmu.edu
Wed, 21 Dec 2005 15:15:40 -0500


--==========41A32301003165720107==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

--On Wednesday, December 21, 2005 12:42:25 -0500 Derek Atkins=20
<warlord@MIT.EDU> wrote:

>> someone il
>>
>> in the ACL. I don't know if the OpenAFS client support this though. At
>> least an OpenAFS client from 2002 running on Solaris give a permission
>> denied trying to write to a owned file. A current Arla doesn't.
>
> If you don't have 'w' access on a directory then even if you own a
> file the fileserver should deny the write() request.

It's not that simple. If you have 'i' access, then, as far as the server is =

concerned, you _can_
write to files whose owner matches your pts id (you might even be able to=20
read from them - I don't remember the details). The openafs client doesn't=20
let you open such files, but that is entirely client-side enforcement.


--==========41A32301003165720107==========
Content-Type: application/pkcs7-signature
Content-Transfer-Encoding: base64

MIIL1wYJKoZIhvcNAQcCoIILyDCCC8QCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
DQEHAaCCCVswggLjMIICTKADAgECAgMO/8kwDQYJKoZIhvcNAQEEBQAwYjELMAkG
A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4x
LDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4X
DTA1MDYyMzE3MzEzMFoXDTA2MDYyMzE3MzEzMFowRTEfMB0GA1UEAxMWVGhhd3Rl
IEZyZWVtYWlsIE1lbWJlcjEiMCAGCSqGSIb3DQEJARYTY2cydkBhbmRyZXcuY211
LmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALujtch96NHbplBs
5DnSTn03EsnbYsLng/wM+wbfyS6ml6CCGYl7HY+sIBm4DNygpyQz0mvtvy9kKz7V
M2GTYdH5QLOgxxPxzV3fItv4jF9LKr9tIiT+v9K7XQ2Xl4kDyJi1g19UsKU4wf+s
uFdennXZ0pkWTpUld9JRZiLSYQDs/Hi62OekBfIX+H96AskyMBhZj5OVA+CYtnCj
fzVYO4a/RoAmemQhlv+whF0Qa3QFrLZtrDXKeYX95KU78q6+cJqtiAri4H3k8NpD
SeWavUxFyH/PFhCYPVdfVDiwaTwfEI5lBF0vTTTL8kSnJSmRBRWw9RkYHNZ8hxBC
Oo9m1oMCAwEAAaNAMD4wDgYDVR0PAQH/BAQDAgXgMB4GA1UdEQQXMBWBE2NnMnZA
YW5kcmV3LmNtdS5lZHUwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCR
W9k/ckGNAJQ+DeUey0Hed2nlQb4goaakkHviC70vAVt0N34yrk3uxBf5Kch2olqM
SMCR+9+b1iXn0NU9n7QppayQ7SsYci3m8eMlaBk1pK91LrHGQL+ZEqOPqwhRmb0a
lQFAAoJpJdotCBzy0X1GP83i+2DUdT6ydPlmtsm8djCCAz8wggKooAMCAQICAQ0w
DQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJu
IENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1
bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3
DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAw
MDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3
dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u
YWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQ
CjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+
B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTAS
BgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwu
dGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQE
AwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgw
DQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4
+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN
3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11f
ZU8wggMtMIIClqADAgECAgEAMA0GCSqGSIb3DQEBBAUAMIHRMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY
BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
IFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJl
ZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0
ZS5jb20wHhcNOTYwMTAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCB0TELMAkGA1UE
BhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNh
dGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFs
IEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0
aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUadfUsJRkW3Hp
R9gMUbbqcpGwhF59LQ2PexLfhSV1KHQ6QixjJ5+Ve0vvfhmHHYbqo925zpZkGsIU
bkSsfOaP6E0PcR9AOKYAo4d49vmUhl6t6sBeduvZFKNdbnp8DKVLVX8GGSl/npom
1Wq7OCQIapjHsdqjmJH9edvlWsQcuQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/
MA0GCSqGSIb3DQEBBAUAA4GBAMfskn5O+PWWpWdiKqTwTRFg0G+NYFhhrCa7UjVc
CM8w+6hKloofYkIjjBcP9LpknBesRynfnZhe0mxgcVyirNx54+duAEcftQ0o6AKd
5Jr9E/Sm2Xyx+NxfIyYJkYBz0BQb3kOpgyXy5pwvFcr+pquKB3WLDN1RhGvk+NHO
d6KBMYICRDCCAkACAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl
IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs
IEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7/yTAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3
DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MTIyMTIwMTU0M1ow
IwYJKoZIhvcNAQkEMRYEFPKnh56YAmONc3/zQhdATGJGaotUMFIGCSqGSIb3DQEJ
DzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA
MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIBAKKpGPm3
eq0P0NnrahJKjtBB1bzrmqEhEgNqdCVVG2pHYay2S0K/V58+lrvex5F3vp/v8bcI
J1d7WPDF5vfz1HfRPubW8//URTU0YGKRXPEmx912dTbDY3U0l2f7dlLt+YxkwNEl
55Od9NHp8xoFQ+C+4ux4lv2uVDNch6NEqzqXXrRe5rnmpaLBhHQUqIl96Epy/J29
Oxss6vI83FnKNQ8J/Icnj096IU1UjURNlTAKN6taq85NlOyckgT3sqjtoS8upmbw
i+GoYlsALQbqhZ5P3GiNyf+MosOvVN+3UM+Yact/Zm6OvZ287cNDMHDUab0ISRLe
+1dYc80GvpDRSqU=

--==========41A32301003165720107==========--