[OpenAFS-port-darwin] Unix permission bits

David Botsch dwb7@ccmr.cornell.edu
Tue, 3 Feb 2004 15:50:00 -0500 

The reason is a bug in the Finder. Finder tries to predetermine whether 
or not you are allowed to access a particular directory or file by 
looking at the unix mode bits. This breaks under afs where only the 
user mode bits matter and the unix user id of the file does not matter.

On 2004.02.03 15:35 Edward Moy wrote:
> I don't know the history or initial reason why this extra code to 
> modify the permission bits was added to darwin/macosx.  But starting 
> with the 1.2.10a version, that "feature" can be turned off, using the 
> afssettings mentioned below.
> 
> Edward Moy
> emoy@apple.com
> ---------------------------------------------------------------
> (This messages is from me as a reader of this list, and not a 
> statement from Apple.)
> 
> On Feb 3, 2004, at 6:32 AM, David Botsch wrote:
> 
>> Are these new permission things only there in either the Panther 
>> package or
>> only in 1.2.11 package?
>> 
>> On Tue, Feb 03, 2004 at 10:26:27AM +0100, Sebastian Hagedorn wrote:
>>> Hi,
>>> 
>>> --On Montag, 2. Februar 2004 22:36 Uhr -0800 Chuck Boeheim
>>> <boeheim@SLAC.Stanford.EDU> wrote:
>>> 
>>>> We've just started looking at supporting macosx, and running afs 
>>>> on it.
>>>> Running openafs 1.2.10 on macosx 10.3, I observe that the unix 
>>>> permission
>>>> bits look quite different than they do on other platforms.  I 
>>>> found some
>>>> of
>>>> the references to the 'permission patch', so it seems that this is
>>>> deliberate, but
>>>> I hadn't yet found a discussion about why this was a desireable 
>>>> thing to
>>>> do.
>>> 
>>> the GUI apps can't handle the AFS bits, so e.g. the Finder won't 
>>> allow you
>>> to open directories for which you have AFS permissions.
>>> 
>>>> We have some system maintenance appliations that copy config files,
>>>> applications,
>>>> etc from AFS space to the local disk.  They depend on replicating 
>>>> the
>>>> permission
>>>> bits from AFS to the local copy, which of course breaks with this
>>>> behavior. We end up with applications and config files being world
>>>> writable this way.
>>>> We trust our users, but not that much!  Is there a way to 
>>>> configure this
>>>> behavior
>>>> or otherwise get at the true bits stored in AFS?
>>> 
>>> Check out /private/var/db/openafs/etc/config/settings.plist. You 
>>> need to
>>> run /private/var/db/openafs/etc/config/afssettings after you've 
>>> made a
>>> change.

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************