Date: Thu, 07 Oct 1999 00:14:52 +0100 From: Brian Somers <brian@Awfulhak.org> To: Pat Dirks <pwd@apple.com> Cc: "FreeBSD Hackers" <FreeBSD-Hackers@FreeBSD.ORG> Subject: Re: Apple's planned appoach to permissions on movable filesystems Message-ID: <199910062314.AAA03364@hak.lan.Awfulhak.org> In-Reply-To: Your message of "Tue, 05 Oct 1999 14:19:22 PDT." <199910052119.OAA24627@scv1.apple.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[.....]
> Instead we decided to leave all name <-> ID mapping systems unchanged and
> rely on a distinction between "local" filesystems whose permissions
> information should be used and a "foreign" filesystem mode where owner
> and group IDs are ignored.
[.....]
I think the owner and group of the person that mounted the filesystem
should be assigned to all files on that filesystem in FOREIGN mode.
-u and -g switches should be permitted to modify these, the -u being
restricted to root and the -g restricted to root or one of the groups
to which you are a member.
This assumes the BSD style I-must-have-permission-to-read-and-write-
the-raw-partitiion style filesystem mounting by users. It would have
horrendous implications with the linux-style fstab-says-anyone-can-
mount-this idea. But then, you already mention this later on :-]
The filesystem code would also mask all suid bits and ignore all
char/device files on FOREIGN media (as you've already said too).
[.....]
> media) so we settled on identifying filesystems instead.
I don't think it's a good idea to be able to identify the filesystem
as being your own. It's too easy to introduce security problems that
way. I'd suggest a default of FOREIGN and a root-only mount option
for LOCAL - ie, root decides, nothing's automated.
[.....]
> As long as the filesystem is "foreign" no owner or group changes
> (chown(2), chgrp(2)) are allowed (the id spaces are very possibly
> mutually meaningless; local name -> id mappings could make no sense to
> the original owner's system). chmod(2) should still work, though.
And what uid/gid do new files get.... I can't say I like the idea of
a magic ``nobody'' uid/gid.
[.....]
--
Brian <brian@Awfulhak.org> <brian@FreeBSD.org>
<http://www.Awfulhak.org>; <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@FreeBSD.org.uk>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910062314.AAA03364>