[OpenAFS] File ownership/permissions semantics

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 31 Oct 2006 16:32:42 -0500


On Monday, October 30, 2006 07:12:10 PM -0500 Derek Atkins 
<warlord@MIT.EDU> wrote:

> It's a security hole to allow anyone with write access to gain
> administrative privileges just through "mkdir".

Well, you only gain bits with respect to the thing you created, so no, 
that's not really a hole.  However, there are plenty of people who don't 
like that behavior, and apparently one of them decided to "fix" it by 
removing implicit admin access for directory owners (looking at the 
history, it appears this was 
fileserver-no-implicit-a-for-directory-owners-20020612, written by probe 
and committed by zacheiss).  Note that this change never appeared on the 
1.2.x branch, but has always been present in 1.4.

The solution CMU settled on many years ago was to require both 'i' and 'w' 
to create subdirectories; this allowed you to have a dropbox where anyone 
could create a file without also letting people create private directories 
and steal quota.  This feature can be turned on by compiling with 
-DDIRCREATE_NEED_WRITE, though there is no configure switch for that and it 
won't restore the implicit-admin behavior.


> I do not believe there is a compilation flag to revert

No, there is not; the code to do this just isn't there any more.

-- Jeff
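The dropbox discussion above turns on two rules: who may create an entry in a directory (the 'i' bit, plus 'w' for subdirectories under the CMU DIRCREATE_NEED_WRITE build), and whether the owner of a freshly created directory implicitly holds 'a' on it. The following is an added toy model of that ACL evaluation, written for this page; it is not OpenAFS fileserver code, and the user names, group table and ACLs it uses are constructed. It models the AFS rights letters (r l i d w k a), positive and negative entries, the system:anyuser and system:authuser groups, new directories inheriting the parent's ACL, and both the old implicit-owner-admin rule and the 'i'+'w' mkdir rule as switches, so you can see which combination lets an anonymous dropper take over a private subdirectory.

```python
# Toy model of AFS directory-ACL evaluation (constructed example, not
# OpenAFS code).  Rights letters follow the AFS convention: r l i d w k a.

RIGHTS = set("rlidwka")


class Acl:
    """Positive and negative entries keyed by principal (user or group) name."""

    def __init__(self, positive=None, negative=None):
        self.positive = {p: set(r) for p, r in (positive or {}).items()}
        self.negative = {p: set(r) for p, r in (negative or {}).items()}
        for rights in list(self.positive.values()) + list(self.negative.values()):
            assert rights <= RIGHTS, "unknown rights letter"

    def copy(self):
        """New directories inherit their parent's ACL."""
        return Acl(self.positive, self.negative)


# Constructed group table: group name -> members.  system:anyuser and
# system:authuser are handled specially in principals_for().
GROUPS = {"alice:staff": {"alice", "bob"}}


def principals_for(user, groups):
    """Every ACL entry name that applies to `user`."""
    names = {user, "system:anyuser"}
    if user != "anonymous":
        names.add("system:authuser")
    names.update(g for g, members in groups.items() if user in members)
    return names


def effective_rights(acl, user, groups, owner=None, implicit_owner_admin=False):
    """Union of matching positive entries minus union of matching negative
    entries.  With implicit_owner_admin the directory owner always has 'a',
    which is the pre-2002 behaviour the mail describes."""
    names = principals_for(user, groups)
    granted, denied = set(), set()
    for name in names:
        granted |= acl.positive.get(name, set())
        denied |= acl.negative.get(name, set())
    rights = granted - denied
    if implicit_owner_admin and user == owner:
        rights.add("a")
    return rights


def can_create(acl, user, groups, kind, dircreate_need_write=False, **kw):
    """May `user` create a `kind` ('file' or 'dir') entry in this directory?
    Any creation needs 'i'; with the DIRCREATE_NEED_WRITE rule a new
    subdirectory additionally needs 'w'."""
    rights = effective_rights(acl, user, groups, **kw)
    if "i" not in rights:
        return False
    if kind == "dir" and dircreate_need_write:
        return "w" in rights
    return True


# A classic dropbox: the owner has everything, anyone may list and insert.
DROPBOX = Acl(positive={"alice": "rlidwka", "system:anyuser": "li"})


def dropbox_scenario(dircreate_need_write, implicit_owner_admin):
    """Walk an anonymous user through the dropbox and report whether it
    ends up holding 'a' on a subdirectory it created there.  Returns
    (can_drop_file, can_mkdir, has_admin_on_subdir)."""
    user = "anonymous"
    can_file = can_create(DROPBOX, user, GROUPS, "file",
                          dircreate_need_write=dircreate_need_write)
    can_dir = can_create(DROPBOX, user, GROUPS, "dir",
                         dircreate_need_write=dircreate_need_write)
    if not can_dir:
        return can_file, False, False
    # The new subdirectory copies the parent ACL and is owned by its creator.
    sub = DROPBOX.copy()
    rights = effective_rights(sub, user, GROUPS, owner=user,
                              implicit_owner_admin=implicit_owner_admin)
    return can_file, True, "a" in rights


if __name__ == "__main__":
    for ndw in (False, True):
        for ioa in (False, True):
            print(f"DIRCREATE_NEED_WRITE={ndw!s:5} implicit_owner_admin={ioa!s:5}",
                  dropbox_scenario(ndw, ioa))
```

Running it shows the four combinations the mail contrasts: with neither switch the dropper can create a subdirectory but gets no admin bit on it; with implicit owner admin alone (the 1.2-era behaviour) the dropper ends up with 'a' on its own subdirectory, which is what lets it lock the directory and consume quota; with DIRCREATE_NEED_WRITE the mkdir is refused outright because system:anyuser lacks 'w', regardless of the owner-admin rule, while file drops still work.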