* [9fans] fossil permission checking
From: Benjamin Huntsman @ 2008-08-07 0:10 UTC
To: 9fans

I'm having some trouble setting up a terminal (which will become a cpu/auth server).
I've gotten the 9pccpuf kernel booted, and is running as the user bootes, but even from the server's console, if I type something as simple as "echo hi > /foo" I receive the message:

    mounted directory forbids creation

I've basically followed the wiki pages on setting up a standalone auth/cpu server, though it's not getting me very far on the fossil side of things... I chose all of the defaults during the install process,

Can someone give me a quick tip as to how to set up a new cpu/fossil user that can actually write to something other than their home directory?

Also, there's not exactly a command like UNIX's sudo, is there?

Thanks in advance!

* Re: [9fans] fossil permission checking
From: andrey mirtchovski @ 2008-08-07 0:24 UTC
To: Fans of the OS Plan 9 from Bell Labs

/ is indeed mounted without -c. if you want to create a directory in /
use /root. see 'nm' for how the namespace is constructed.

i believe new directories in / are frowned upon (even if created in
/root). i can't find the relevant message in the archives.

On Wed, Aug 6, 2008 at 6:10 PM, Benjamin Huntsman
<BHuntsman@mail2.cu-portland.edu> wrote:
> I'm having some trouble setting up a terminal (which will become a cpu/auth server).
> I've gotten the 9pccpuf kernel booted, and is running as the user bootes, but even from the server's console, if I type something as simple as "echo hi > /foo" I receive the message:
>
> mounted directory forbids creation
>
> I've basically followed the wiki pages on setting up a standalone auth/cpu server, though it's not getting me very far on the fossil side of things... I chose all of the defaults during the install process,
>
> Can someone give me a quick tip as to how to set up a new cpu/fossil user that can actually write to something other than their home directory?
>
> Also, there's not exactly a command like UNIX's sudo, is there?
>
> Thanks in advance!

* Re: [9fans] fossil permission checking
From: Benjamin Huntsman @ 2008-08-07 1:01 UTC
To: Fans of the OS Plan 9 from Bell Labs

>i believe new directories in / are frowned upon

Understood, though 'bootes' or whoever has superuser-like permissions should still have unlimited abilities, right?
Or is this purely a function of the flags to mount the root? On a side-note though, what is the preferred UNIX equivalent of /usr/local or /usr2?

However, permissions are still wrong somewhere, as I can't:

    cp /adm/timezone/US_Pacific /adm/timezone/local

per the last part of the installation instructions, which also yields a permission denied message, even while logged in under the 'out-of-the-box' user glenda.

Thanks again!

-----Original Message-----
From: 9fans-bounces@9fans.net on behalf of andrey mirtchovski
Sent: Wed 8/6/2008 5:24 PM
To: Fans of the OS Plan 9 from Bell Labs
Subject: Re: [9fans] fossil permission checking

/ is indeed mounted without -c. if you want to create a directory in /
use /root. see 'nm' for how the namespace is constructed.

i believe new directories in / are frowned upon (even if created in
/root). i can't find the relevant message in the archives.

On Wed, Aug 6, 2008 at 6:10 PM, Benjamin Huntsman
<BHuntsman@mail2.cu-portland.edu> wrote:
> I'm having some trouble setting up a terminal (which will become a cpu/auth server).
> I've gotten the 9pccpuf kernel booted, and is running as the user bootes, but even from the server's console, if I type something as simple as "echo hi > /foo" I receive the message:
>
> mounted directory forbids creation
>
> I've basically followed the wiki pages on setting up a standalone auth/cpu server, though it's not getting me very far on the fossil side of things... I chose all of the defaults during the install process,
>
> Can someone give me a quick tip as to how to set up a new cpu/fossil user that can actually write to something other than their home directory?
>
> Also, there's not exactly a command like UNIX's sudo, is there?
>
> Thanks in advance!

* Re: [9fans] fossil permission checking
From: Uriel @ 2008-08-07 1:36 UTC
To: Fans of the OS Plan 9 from Bell Labs

There is no 'super-user' in Plan 9, bootes is (for the most part) a
user like any other, that just happens to be the owner of most kernel
file servers. It has no special privileges, in Plan 9 there is nothing
like root that lets you ignore file permissions and so on, the kernel
applies the same rules to everyone. This is one of the things that
were badly broken in the Unix security model and was fixed in Plan 9.

I specially recommend reading the 'Security in Plan 9' paper.

Peace

uriel

On Thu, Aug 7, 2008 at 3:01 AM, Benjamin Huntsman
<BHuntsman@mail2.cu-portland.edu> wrote:
>>i believe new directories in / are frowned upon
>
> Understood, though 'bootes' or whoever has superuser-like permissions should still have unlimited abilities, right?
> Or is this purely a function of the flags to mount the root? On a side-note though, what is the preferred UNIX equivalent of /usr/local or /usr2?
>
> However, permissions are still wrong somewhere, as I can't:
> cp /adm/timezone/US_Pacific /adm/timezone/local
> per the last part of the installation instructions, which also yields a permission denied message, even while logged in under the 'out-of-the-box' user glenda.
>
> Thanks again!
>
>
> -----Original Message-----
> From: 9fans-bounces@9fans.net on behalf of andrey mirtchovski
> Sent: Wed 8/6/2008 5:24 PM
> To: Fans of the OS Plan 9 from Bell Labs
> Subject: Re: [9fans] fossil permission checking
>
> / is indeed mounted without -c. if you want to create a directory in /
> use /root. see 'nm' for how the namespace is constructed.
>
> i believe new directories in / are frowned upon (even if created in
> /root). i can't find the relevant message in the archives.
>
> On Wed, Aug 6, 2008 at 6:10 PM, Benjamin Huntsman
> <BHuntsman@mail2.cu-portland.edu> wrote:
>> I'm having some trouble setting up a terminal (which will become a cpu/auth server).
>> I've gotten the 9pccpuf kernel booted, and is running as the user bootes, but even from the server's console, if I type something as simple as "echo hi > /foo" I receive the message:
>>
>> mounted directory forbids creation
>>
>> I've basically followed the wiki pages on setting up a standalone auth/cpu server, though it's not getting me very far on the fossil side of things... I chose all of the defaults during the install process,
>>
>> Can someone give me a quick tip as to how to set up a new cpu/fossil user that can actually write to something other than their home directory?
>>
>> Also, there's not exactly a command like UNIX's sudo, is there?
>>
>> Thanks in advance!

* Re: [9fans] fossil permission checking
From: andrey mirtchovski @ 2008-08-07 2:18 UTC
To: Fans of the OS Plan 9 from Bell Labs

> However, permissions are still wrong somewhere, as I can't:
> cp /adm/timezone/US_Pacific /adm/timezone/local

/adm/timezone files are owned by the user/group 'adm', so if you want
to modify them you should add the user you're doing this as to that
group.

i believe the issue comes from the instructions assuming that one is
either serving fossil with the "don't check permissions" flag, or has
done a "disk/kfs allow" (remember that command, anybody? :)

having no user who can circumvent the file permissions is a very good
thing, i believe.

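[Added example, not part of any message in this thread: one way to carry out the group change suggested in the message above while leaving fossil's permission checking switched on. It assumes the default install, where the file system's console is posted at /srv/fscons, and uses the thread's user glenda.]

```rc
# Added example: rc on the server console, then the fossil console.
# Assumption: default install, fossil console posted at /srv/fscons.

# 1. See how / and /root were put together. A member bound or mounted
#    without -c refuses creation no matter which user asks.
ns | grep root

# 2. See which owner, group and mode the file server will check against.
ls -ld /adm/timezone

# 3. Attach to the fossil console and add glenda to group adm.
con -l /srv/fscons
#    at the fossil prompt, type:
#      uname adm +glenda
#    leave con with ctl-\ and then q

# 4. Retry the step from the install instructions as glenda.
cp /adm/timezone/US_Pacific /adm/timezone/local
```

[The change is a single group membership in the file server's own user table; no account gains the ability to skip permission checks.]
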
* Re: [9fans] fossil permission checking
From: erik quanstrom @ 2008-08-07 3:07 UTC
To: 9fans

>>i believe new directories in / are frowned upon
>
> Understood, though 'bootes' or whoever has superuser-like permissions should still have unlimited abilities, right?

the concept in plan 9 is called the "host owner" or eve. eve has
special abilities on the local machine. there are 31 places where
eve is granted special exemption to normal permission checking in
/sys/src/9/^(port ip). the reason for so many checks is that eve
is given very targeted special abilities. it's very unlike the unix
superuser.

the fileserver, being distinct from the cpu server kernel, knows
nothing of eve. as far as the fs is concerned, eve is just another
user. so eve would not be special on /, which is served by the fs.

on the other hand, /proc is typically served by the local kernel and
eve does have special permissions here. eve can change permissions
on most processes. this allows eve to debug most processes running
on a cpu server.

> Or is this purely a function of the flags to mount the root?

yes.

> On a side-note though, what is the preferred UNIX equivalent of /usr/local or /usr2?

there is none.

>> Also, there's not exactly a command like UNIX's sudo, is there?

no. there's nothing like it. you may wish to read /sys/doc/auth.ps

- erik