Subject: Re: NetBSD master CVS tree commits
To: Chris G. Demetriou <cgd@pa.dec.com>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: source-changes
Date: 02/18/1998 16:38:34
> What is it, exactly, that causes you folks to think that this change
> will cause problems for file systems like AFS?
>
> The statement that it'll make things "somewhat inconvenient" is nice
> and all, but i don't see how the actual set of changes will cause
> problems. (I have some knowledge of AFS internals, but am by no means
> an AFS expert...)
AFS has the concept of a priviledged user -- members of the pts group
system:administrators are allowed to chown files which they don't own.
It's also the case that root, running sans kerberos tickets granting
appropriate privileges, would *not* be allowed to chown, but the
fileserver gets to determine that and bounce back an error..
If one were reimplementing everything from scratch, conceivably one
could hair up the VFS interface with some sort of VFS_SUSER() op, but
I don't believe AFS has a simple remote op to check that.. and I keep
thinking that there might be a nasty race or two hiding in there,
too.. I think it's simpler to push permissions enforcement into to
the filesystem (and, in the AFS case, onto the fileserver).
- Bill