From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Mon, 15 Sep 1997 13:59:43 -0400 From: rsc@plan9.bell-labs.com rsc@plan9.bell-labs.com Subject: [9fans] Plan9 permissions Topicbox-Message-UUID: 64674eb0-eac8-11e9-9e20-41e7f4b1d025 Message-ID: <19970915175943.vloZVwp08KAkJrXLummPPiLmSv7om4Y_UAkE2fTiKVs@z> gdb wrote: Take for example the incoming directory for anonymous ftp, /usr/none/incoming. There is a way to handle incoming directories for anon ftp working within the current permissions scheme, and it is (tersely) illustrated on the CD. (Basically, we want to be able to drop files off in /incoming but don't want the outside world to be able to read them). You can create a directory in incoming for each user, and set the permissions appropriately: d-rwxrwx-wx rsc rsc /usr/none/incoming/rsc Or you can just create a directory in incoming named for each user (but with any permissions, ownership you want) and bind the directory /usr/$user/incoming onto it, as was done in /lib/namespace.ftp on the CD: bind -c /usr/andrew/incoming /usr/none/incoming/andrew This has a few benefits. The first is that each user has h^(is er) own incoming directory and thus the namespace collisions go down tremendously (most users know when they are expecting files, especially files named "foo" or "bar"). Another advantage is that each user can turn on or off, quite easily, whether or not they are expecting files. Just "chmod o-wx incoming". By having this on only when expecting files, you reduce the chance of someone maliciously filling your disk with garbage. If you were really paranoid, you could "chmod -r /usr/none/incoming" and then people would have to know which directory to be in to drop off files. Third, if you don't want the world seeing whatever file is being dropped off, you might not (at least on a large server installation) want other users of the system seeing it either. This takes care of that as well. Fourth, if you want to leave a file for someone else, then you can simply create one in your incoming directory and chmod it "o+r" and then if they know the name, they can still read it. You've got all the functionality of the traditional ftp /incoming directories as well as easy user control of personal incoming directories. Russ ps. ignore my from address; i speak with less authority (and perhaps common sense) than anyone else on this list.