From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <7f4f1b6833a2719ef7ff995d9abba5ae@quanstro.net> To: 9fans@9fans.net From: erik quanstrom Date: Wed, 6 Aug 2008 23:07:02 -0400 In-Reply-To: <621112A569DAE948AD25CCDCF1C075331AB324@dolly.ntdom.cupdx> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] fossil permission checking Topicbox-Message-UUID: fc6b6042-ead3-11e9-9d60-3106f5b1d025 >>i believe new directories in / are frowned upon > > Understood, though 'bootes' or whoever has superuser-like permissions should still have unlimited abilities, right? the concept in plan 9 is called the "host owner" or eve. eve has special abilities on the local machine. there are 31 places where eve is granted special excemption to normal permission checking in /sys/src/9/^(port ip). the reason for so many checks is that eve is given very targeted special abilities. it's very unlike the unix superuser. the fileserver, being distinct from the cpu server kernel, knows nothing of eve. as far as the fs is concerned, eve is just another user. so eve would not be special on /, which is served by the fs. on the other hand, /proc is typicall served by the local kernel and eve does have special permissions here. eve can change permissions on most processes. this allows eve to debug most processes running on a cpu server. > Or is this purely a function of the flags to mount the root? yes. > On a side-note though, what is the preferred UNIX equivalent of /usr/local or /usr2? there is none. >> Also, there's not exactly a command like UNIX's sudo, is there? no. there's nothing like it. you may wish to read /sys/doc/auth.ps - erik