SFTP owner, group and mode flags...

To: <ietf-ssh%netbsd.org@localhost>
Subject: SFTP owner, group and mode flags...
From: "Joseph Galbraith" <galb-list%vandyke.com@localhost>
Date: Wed, 20 Mar 2002 15:22:27 -0700

The current specification of SFTP passes owner and
group information as UID and GID, and specifies
file permissions as a UINT bit mask.

This has several problems:

1. A UINT32 is not sufficient to represent
   UID and GID on Windows NT systems.

2. There is no mechanism for translating between
   the UID/GID and a human readable form (the
   owner name or group name.)

3. The permission mask is unable to represent
   the more sophisticated security information
   used under VMS, Windows NT and some Unix
   variants -- ACLs.

I would propose the following:

* Where we currently pass UID and GID as
  integers, pass them as strings of the
  form user@dns (see NFS: RFC3010, Section 5.6.)

* In order to reduce overhead of readdir and
  stat operations, which will increase with
  the above, we add a parameter to the opendir
  and stat protocols to allow the client to
  specify what attributes it is interested in.

  This also allows the client to optimize stat
  and readdir operations.  The client can avoid
  asking for information it isn't interested in,
  and minimize the work requested of the server
  and the amount of data transfered over the wire.

* Also, now that the user / group information
  is available in a human readable format, the
  long name is entirely redundant, and expensive
  (more than twice as long as the rest of the stat
  data put together.)

  I propose that we remove it, and the associated
  temptation for applications to parse it as
  Unix ls output.

* Change the mode field to a type field, which indicates
  the type of the file, and make it a byte field.

* Use the ACL specification from NFS (RFC3010, Section 5.9)
  Unix style permission masks can be easily represented as
  an ACL using the special "who" values specified in
  5.9.4.

* We allow a server to advertise what attributes
  it can provide and what attributes it can provide
  efficiently, but require servers to tolerantly
  ignore requests for attributes it can't provide
  and require that clients be prepared to not receive
  attributes that the server has advertised.

  For example, under NT, we would advertise that we
  can provide User, Group and ACL information, but
  that they are expensive.

  However, if the file-system supporting a file requested
  by the client is FAT, then we won't be able to provide
  that information.

- Joseph

Follow-Ups:
- Re: SFTP owner, group and mode flags...
  - From: Damien Miller

Prev by Date: Re: Even more ways to fix the cbc-mode attack
Next by Date: Internationaliztion: UTF-8 for file names
Previous by Thread: Even more ways to fix the cbc-mode attack
Next by Thread: Re: SFTP owner, group and mode flags...
Indexes:

Home | Main Index | Thread Index | Old Index