9fans - fans of the OS Plan 9 from Bell Labs
From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] fossil permission checking
Date: Wed,  6 Aug 2008 23:07:02 -0400
Message-ID: <7f4f1b6833a2719ef7ff995d9abba5ae@quanstro.net>
In-Reply-To: <621112A569DAE948AD25CCDCF1C075331AB324@dolly.ntdom.cupdx>

>>i believe new directories in / are frowned upon
>
> Understood, though 'bootes' or whoever has superuser-like permissions should still have unlimited abilities, right?

the concept in plan 9 is called the "host owner" or eve.  eve
has special abilities on the local machine.  there are 31 places where
eve is granted special exemption to normal permission checking
in /sys/src/9/^(port ip).  the reason for so many checks is that eve
is given very targeted special abilities.  it's very unlike the unix
superuser.  the fileserver, being distinct from the cpu server kernel,
knows nothing of eve.  as far as the fs is concerned, eve is just another
user.  so eve would not be special on /, which is served by the fs.  on
the other hand, /proc is typically served by the local kernel and eve
does have special permissions here.  eve can change permissions on
most processes.  this allows eve to debug most processes running
on a cpu server.

> Or is this purely a function of the flags to mount the root?

yes.

> On a side-note though, what is the preferred UNIX equivalent of /usr/local or /usr2?

there is none.

>> Also, there's not exactly a command like UNIX's sudo, is there?

no.  there's nothing like it.  you may wish to read /sys/doc/auth.ps

- erik



