[OpenAFS] Question about append-only directories and ownership of files
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 21 Mar 2005 17:05:20 -0500
On Friday, March 18, 2005 08:57:41 PM -0500 "Thomas M. Payerle"
<payerle@physics.umd.edu> wrote:
> Is this behavior "expected"? Am I missing something? Is there a way in
> AFS to have a file be append-only (possibly with creation if missing, but
> without being "readable") that does not depend on the principal appending
> to the file owning the file?

No; there is no way for a file to be "append-only".

The operations exported by the fileserver are reading and writing parts of
the file. The AFS client software generally reads, caches, and writes
whole aligned cache chunks at once. So what you think of as "appending"
really works out to fetching the last chunk of the file, modifying it, and
writing it back, with the "writing it back" part normally happening only
when the file is closed. So, to be able to "append", the cache manager
needs to be able to read the file.

So of course, now you're going to ask "why did it work before?".

The answer is that when you have insert rights on a directory, the
fileserver allows you to read files you own in that directory, even if you
don't have "r" rights. You normally don't notice this, because the cache
manager won't let you read a file you don't have "r" on, but this is a
requirement for making "dropbox" directories work, and it also happens to
be sufficient to make your append scenario work.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
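
Added example, not part of the original message and not OpenAFS code: a simplified Python model of the behaviour described above, showing why an "append" under insert-only rights succeeds for the file's owner and fails for anyone else. The function names, the tiny chunk size and the rights strings (the caller's effective rights on the directory) are assumptions made for illustration; write authorization is not modelled.

```python
from dataclasses import dataclass, field

CHUNK = 8  # constructed, tiny chunk size so the behaviour is easy to trace


class AccessDenied(Exception):
    pass


@dataclass
class File:
    owner: str
    data: bytearray = field(default_factory=bytearray)


def server_may_fetch(acl: str, caller: str, f: File) -> bool:
    """Fileserver read check as the message describes it."""
    if "r" in acl:
        return True
    # Dropbox exception: insert rights plus ownership of the file.
    return "i" in acl and caller == f.owner


def fetch_chunk(acl: str, caller: str, f: File, index: int) -> bytes:
    if not server_may_fetch(acl, caller, f):
        raise AccessDenied(f"{caller} may not fetch data")
    return bytes(f.data[index * CHUNK:(index + 1) * CHUNK])


def append(acl: str, caller: str, f: File, payload: bytes) -> None:
    """'Append' as the client performs it: fetch last chunk, modify, write back."""
    index = len(f.data) // CHUNK
    chunk = fetch_chunk(acl, caller, f, index)  # fails here without read access
    # Write authorization is not modelled; the message only covers the read side.
    f.data[index * CHUNK:] = chunk + payload


def user_read(acl: str, caller: str, f: File) -> bytes:
    """Explicit read by a user: the cache manager insists on 'r'."""
    if "r" not in acl:
        raise AccessDenied(f"{caller} lacks 'r'")
    return bytes(f.data)
```

In this model, a log file in an insert-only directory can be extended only by the principal that owns it, which matches the ownership dependence raised in the question.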