Subject: Re: kern/1043: unlink(2) should not let superuser remove directories
To: None <mouse@Collatz.McRCIM.McGill.EDU>
From: Peter Seebach <seebs@solon.com>
List: netbsd-bugs
Date: 05/15/1995 09:02:47

Well, it bothers *me* that root can't write to directories, or to the raw
device of a mounted filesystem.

Some of the other actions you mentioned are actually nonsensical, as opposed
to stupid or dangerous; these, I don't care about.

I suppose there's some sense to linkdir/unlinkdir system calls; they'd
certainly be nice. If we had that, we would want to make it impossible,
rather than just difficult, to hard link directories.

However, if there can ever be links to a directory, I think it should
be possible to link them and unlink them explicitly; and since multiple
hard links for a directory are built into the filesystem, we need to be
able to do them by hand.

I suppose it's a question of sanity vs. consistency; since link/unlink work
on directories (now), and directories are really just files (admittedly
weird ones), I think it's more consistent to have link and unlink work on
directories.

It might be worth redefining the semantics such that it was no longer a
superuser operation; say, any link in an unlinked directory is shoved over
to lost+found, or something similar. The obvious problems remain, of
course. But that way, users could link and unlink directories just like
other files, and most likely for the same wrong reasons.

-s