Subject: Re: Mount permissions
To: Chris G. Demetriou <>
From: R. C. Dowdeswell <>
List: tech-kern
Date: 01/24/2000 12:21:47
On 948730343 seconds since the Beginning of the UNIX epoch
Chris G. Demetriou wrote:
>Some things do require kernel support, though: e.g. I'd like to see a
>way to do user-mountable file systems which include nodev,nosuid, but
>which the mounting user can do anything to, including create files as
>other UIDs and even make them set-id.  (It'd be Nice to be able to
>make file system images without needing root.)

I was actually thinking the other day that perhaps a UID/GID mapping
stackable fs which had the following properties would be good for this:
	1  there is a flat file in mtree format storing the
	   permissions of files in the fs.
	2  files can be created, chowned, and the like to arbitrary
	   users even if you aren't root and said changes are put into
	   the mtree file.
	3  the changes only take effect in the underlying fs if you
	   are root.
	4  Although queries give results of the mtree file, actual
	   accesses are based on the underlying fs.

With a few refinements, I think that this might provide for having
a file system that allows the build system to run as an arbitrary
user, but not compromise security.  Point 4 is actually negotiable,
as one could rather easily give pax the ability to use the mtree
file as a template for the permissions.

I am a bit concerned about the fact that this idea breaks some of
the file system semantics.  And, now that I think about it, one
could just as easily require that all installs use /usr/bin/install
and have it append a line to an mtree file with the right arguments
(and/or environment variables).  And then modify pax to use the
mtree file as a template for the permissions.

 == Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/  ==
 == The Unofficial NetBSD Web Pages        http://www.Imrryr.ORG/NetBSD/  ==
 == The NetBSD Project                            http://www.NetBSD.ORG/  ==
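
The four properties listed in the message above, modelled in user space as an added example (not part of the original message and not NetBSD code). The class and method names are hypothetical, only regular files are handled, path encoding is ignored, and the spec lines use mtree's `type`, `uid`, `gid` and `mode` keywords.

```python
import os, stat, tempfile

class MtreeOverlay:
    """Toy model of the proposed layer; until changed, entries mirror the real fs."""
    def __init__(self, root, spec_path):
        self.root, self.spec_path = root, spec_path
        self.entries = {}  # relative path -> {"uid", "gid", "mode"}

    def _entry(self, rel):
        if rel not in self.entries:
            st = os.lstat(os.path.join(self.root, rel))
            self.entries[rel] = {"uid": st.st_uid, "gid": st.st_gid,
                                 "mode": stat.S_IMODE(st.st_mode)}
        return self.entries[rel]

    def chown(self, rel, uid, gid):      # property 2: any user may record this
        self._entry(rel).update(uid=uid, gid=gid)
        self._commit(rel)

    def chmod(self, rel, mode):
        self._entry(rel)["mode"] = mode
        self._commit(rel)

    def _commit(self, rel):
        cur, full = self.entries[rel], os.path.join(self.root, rel)
        if os.geteuid() == 0:            # property 3: real change only as root
            os.chown(full, cur["uid"], cur["gid"])
            os.chmod(full, cur["mode"])  # chmod last: chown may clear set-id bits
        with open(self.spec_path, "w") as f:   # property 1: flat mtree spec
            f.write("#mtree\n")
            for p, e in sorted(self.entries.items()):
                f.write("./%s type=file uid=%d gid=%d mode=%04o\n"
                        % (p, e["uid"], e["gid"], e["mode"]))

    def stat(self, rel):                 # property 4: queries come from the spec
        return dict(self._entry(rel))

    def open(self, rel, mode="rb"):      # property 4: access uses the real fs
        return open(os.path.join(self.root, rel), mode)

def demo():
    """Constructed sample: record a set-id root-owned file without needing root."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "su"), "wb") as f:
        f.write(b"constructed sample\n")
    ov = MtreeOverlay(root, os.path.join(root, ".mtree"))
    ov.chown("su", 0, 0)
    ov.chmod("su", 0o4555)
    with open(ov.spec_path) as f:
        return ov, f.read()
```

Run as an ordinary user, the recorded entry shows a set-id file owned by uid 0 while the file on disk keeps the builder's ownership and never gains the set-id bit, which is the security property the message is after.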