From: Lyndon Nerenberg <lyndon@orthanc.ca>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] fuse bashing
Date: Wed, 25 Jan 2006 00:11:18 -0800 [thread overview]
Message-ID: <16DE3DE0-B4FD-4266-822A-0ABDBBD3DE03@orthanc.ca> (raw)
In-Reply-To: <6e35c0620601242346q256802f1j48b1f1cd547fbf0f@mail.gmail.com>
On Jan 24, 2006, at 11:46 PM, Jack Johnson wrote:
> Not ACLs, but I've thought it would be nice to reuse SSH keys and
> maybe make another dot-directory, and anyone with a matching public
> key in the dot-directory would have access to it, similar to
> .ssh/authorized_keys but with a separate file per user.
But these *are* ACLs, and by putting them into the filesystem you're
trying to protect you create an intractable recursive problem: how to
protect the ACLs with themselves.
To secure the filesystem you have to isolate this metadata. The
problem to date is that nobody has figured out a clean way of doing
this in a way that makes it simple to administer -- and maintain --
the ACLs (and other crud). E.g. FreeBSD supports ACLs in the
filesystem, but all the tools that manipulate files need to be
cognizant of them, and sadly, most aren't. Thus an application that
does it's work on a temporary file and then does the 'unlink(foo);
rename(tmp,foo)' dance loses the ACL attributes (and other
metadata). On occasion I wonder if this asks for a replace(a,b)
syscall that does the equivalent atomic unlink+rename while
preserving the metadata (ACLs, MAC labels, etc) associated with the
original file.
--lyndon
next prev parent reply other threads:[~2006-01-25 8:11 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-23 17:06 Russ Cox
2006-01-23 17:28 ` Ronald G Minnich
2006-01-23 17:44 ` David Leimbach
2006-01-23 18:07 ` Eric Van Hensbergen
2006-01-23 18:13 ` Bruce Ellis
2006-01-23 20:31 ` David Leimbach
2006-01-23 20:33 ` Ronald G Minnich
2006-01-23 23:28 ` Dan Cross
2006-01-23 23:53 ` David Leimbach
2006-01-24 0:07 ` Ronald G Minnich
2006-01-25 19:58 ` Enache Adrian
2006-01-25 20:30 ` Christoph Lohmann
2006-01-25 20:51 ` Ronald G Minnich
2006-01-25 21:09 ` Bruce Ellis
2006-01-25 20:50 ` Ronald G Minnich
2006-01-25 21:09 ` Enache Adrian
2006-01-24 0:12 ` John Barham
2006-01-25 5:29 ` Dave Eckhardt
2006-01-25 15:38 ` Ronald G Minnich
2006-01-25 21:31 ` Dave Eckhardt
2006-01-26 1:16 ` erik quanstrom
2006-01-25 5:30 ` Dave Eckhardt
2006-01-25 7:46 ` Jack Johnson
2006-01-25 8:11 ` Lyndon Nerenberg [this message]
2006-01-25 8:18 ` Lyndon Nerenberg
2006-01-25 9:46 ` Andriy G. Tereshchenko
2006-01-25 15:45 ` Ronald G Minnich
2006-01-23 17:51 ` C H Forsyth
2006-01-23 17:46 ` David Leimbach
2006-01-23 20:08 ` Ronald G Minnich
2006-01-23 18:46 ` Skip Tavakkolian
2006-01-24 2:22 ` Latchesar Ionkov
2006-01-24 8:37 ` Charles Forsyth
2006-01-24 9:41 ` Charles Forsyth
2006-01-24 10:04 ` Charles Forsyth
[not found] <000001c620ca$f86f1570$14aaa8c0@utelsystems.local>
2006-01-24 9:46 ` "Nils O. Selåsdal"
2006-01-24 20:10 quanstro
2006-01-24 21:37 ` Eric Van Hensbergen
2006-01-24 23:14 ` Charles Forsyth
2006-01-25 0:26 ` Latchesar Ionkov
2006-01-25 0:25 ` Latchesar Ionkov
2006-01-25 1:31 ` erik quanstrom
2006-01-25 1:40 ` Latchesar Ionkov
2006-01-25 1:42 ` Eric Van Hensbergen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=16DE3DE0-B4FD-4266-822A-0ABDBBD3DE03@orthanc.ca \
--to=lyndon@orthanc.ca \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).