From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 15 Sep 1997 09:38:50 -0500
From: G. David Butler gdb@dbSystems.com
Subject: [9fans] Plan9 permissions
Topicbox-Message-UUID: 64301238-eac8-11e9-9e20-41e7f4b1d025
Message-ID: <19970915143850.Wa4MgsL-Xr7wdf-834KjJN0licGsxDFHM_fpLL_cYHM@z>

From: rsc@plan9.bell-labs.com
> I think the paragraph should read:
>
> "When the owner attempts to do something to a file, the owner
> permissions are consulted only, and if they grant the requested
> permission, the operation is allowed. For someone who is not the
> owner, but is a member of the file's group, only the group
> permissions are consulted. The other permissions are only used
> if the requestor is not the owner or a member of the file's group."
>
>but then it wouldn't be true.

You could have assumed the following:

int
iaccess(File *f, Dentry *d, int m)
{
	/*
	 * various forms of superuser
	 */
	if(writeallow)
		return 0;
	if(wstatallow && d->mode & DDIR)
		return 0;
	if(duallow && duallow == f->uid && d->mode & DDIR &&
	   (m == DREAD || m == DEXEC))
		return 0;

	/*
	 * owner is next
	 */
	if(f->uid == d->uid) {
		if(m << 6 & d->mode)
			return 0;
		else
			return 1;
	}

	/*
	 * group membership is hard
	 */
	if(ingroup(f->uid, d->gid)) {
		if(m << 3 & d->mode)
			return 0;
		else
			return 1;
	}

	/*
	 * other is easiest
	 */
	if(m & d->mode)
		return 0;
	else
		return 1;
}

Take for example the incoming directory for anonymous ftp,
/usr/none/incoming.

My way it can be:
d--wxrwxr-x M X none none

Your way it has to be:
d--wx-wx-wx M X none none
(you have to change perms to see contents)
or
d--wxrwx-wx M X none sys (or something not none)

>it is silly to honor permissions that are not
>monotonically nonincreasing (octal digitwise)
>from owner to everyone.

Huh?

>if you are the owner and the permissions are
>something like 466, then you can just change them
>with chmod. if you are in the group and the
>permissions are something like 446 or 646, then
>you can just become none (echo -n none >/dev/user)
>and then you have permission again.

So, you are the owner.

>look at /sys/src/fs/port/sub.c:/^iaccess
>on the cd.

Things Change.
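
The two rules argued over in this message, run against the three /usr/none/incoming listings, as an added example that is not part of the original post and not the code in sub.c. The names firstmatch and fallthrough, the user "glenda" and the group table are constructed for illustration; fallthrough is an assumed model of the behaviour the "Your way" listings imply.

```c
#include <stdio.h>
#include <string.h>

enum { DREAD = 4, DWRITE = 2, DEXEC = 1 };	/* rwx request bits */
typedef struct { const char *uid, *gid; int mode; } Dir;

/* The three /usr/none/incoming variants listed in the post. */
const Dir mine = { "none", "none", 0375 };	/* d--wxrwxr-x none none */
const Dir w333 = { "none", "none", 0333 };	/* d--wx-wx-wx none none */
const Dir w373 = { "none", "sys", 0373 };	/* d--wxrwx-wx none sys */

/* Constructed membership: a user is in the group of the same name;
 * the hypothetical user "glenda" is also in "sys". */
static int ingroup(const char *uid, const char *gid)
{
	return strcmp(uid, gid) == 0 ||
		(strcmp(uid, "glenda") == 0 && strcmp(gid, "sys") == 0);
}

/* First match decides, as in the posted function. 0 = allow, 1 = deny. */
int firstmatch(const char *uid, const Dir *d, int m)
{
	if(strcmp(uid, d->uid) == 0)
		return ((m << 6) & d->mode) ? 0 : 1;
	if(ingroup(uid, d->gid))
		return ((m << 3) & d->mode) ? 0 : 1;
	return (m & d->mode) ? 0 : 1;
}

/* Fall-through: a class that does not grant passes the request on to
 * the next one (assumed model, see the lead-in). 0 = allow, 1 = deny. */
int fallthrough(const char *uid, const Dir *d, int m)
{
	if(strcmp(uid, d->uid) == 0 && ((m << 6) & d->mode))
		return 0;
	if(ingroup(uid, d->gid) && ((m << 3) & d->mode))
		return 0;
	return (m & d->mode) ? 0 : 1;
}

int main(void)
{
	printf("none lists 0375: firstmatch=%d fallthrough=%d\n",
		firstmatch("none", &mine, DREAD), fallthrough("none", &mine, DREAD));
	printf("none lists 0333: fallthrough=%d\n", fallthrough("none", &w333, DREAD));
	printf("none/glenda list 0373 sys: fallthrough=%d/%d\n",
		fallthrough("none", &w373, DREAD), fallthrough("glenda", &w373, DREAD));
	return 0;
}
```

Under first match, mode 375 keeps the anonymous owner from listing uploads while everyone else can; under fall-through the same mode lets none list through the group bits, which is why the other two listings drop r from the classes none falls into.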