From: Uriel <uriel99@gmail.com>
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@9fans.net>
Subject: Re: [9fans] fossil permission checking
Date: Thu, 7 Aug 2008 03:36:49 +0200
Message-ID: <5d375e920808061836n390c0b9dmecd8d1a8bb9dc39f@mail.gmail.com>
In-Reply-To: <621112A569DAE948AD25CCDCF1C075331AB324@dolly.ntdom.cupdx>

There is no 'super-user' in Plan 9, bootes is (for the most part) a
user like any other, that just happens to be the owner of most kernel
file servers. It has no special privileges, in Plan 9 there is nothing
like root that lets you ignore file permissions and so on, the kernel
applies the same rules to everyone.

This is one of the things that were badly broken in the Unix security
model and was fixed in Plan 9. I especially recommend reading the
'Security in Plan 9' paper.

Peace

uriel

On Thu, Aug 7, 2008 at 3:01 AM, Benjamin Huntsman
<BHuntsman@mail2.cu-portland.edu> wrote:
>>i believe new directories in / are frowned upon
>
> Understood, though 'bootes' or whoever has superuser-like permissions should still have unlimited abilities, right?
> Or is this purely a function of the flags to mount the root? On a side-note though, what is the preferred UNIX equivalent of /usr/local or /usr2?
>
> However, permissions are still wrong somewhere, as I can't:
> cp /adm/timezone/US_Pacific /adm/timezone/local
> per the last part of the installation instructions, which also yields a permission denied message, even while logged in under the 'out-of-the-box' user glenda.
>
> Thanks again!
>
>
> -----Original Message-----
> From: 9fans-bounces@9fans.net on behalf of andrey mirtchovski
> Sent: Wed 8/6/2008 5:24 PM
> To: Fans of the OS Plan 9 from Bell Labs
> Subject: Re: [9fans] fossil permission checking
>
> / is indeed mounted without -c. if you want to create a directory in /
> use /root. see 'nm' for how the namespace is constructed.
>
> i believe new directories in / are frowned upon (even if created in
> /root). i can't find the relevant message in the archives.
>
> On Wed, Aug 6, 2008 at 6:10 PM, Benjamin Huntsman
> <BHuntsman@mail2.cu-portland.edu> wrote:
>> I'm having some trouble setting up a terminal (which will become a cpu/auth server).
>> I've gotten the 9pccpuf kernel booted, and it is running as the user bootes, but even from the server's console, if I type something as simple as "echo hi > /foo" I receive the message:
>>
>> mounted directory forbids creation
>>
>> I've basically followed the wiki pages on setting up a standalone auth/cpu server, though it's not getting me very far on the fossil side of things... I chose all of the defaults during the install process,
>>
>> Can someone give me a quick tip as to how to set up a new cpu/fossil user that can actually write to something other than their home directory?
>>
>> Also, there's not exactly a command like UNIX's sudo, is there?
>>
>> Thanks in advance!
>>
>>
>
>
>