* [9fans] IL and NAT
From: Christopher Nielsen @ 2000-11-17 23:48 UTC (permalink / raw)
To: 9fans
I've been tinkering with connecting to my fileserver over IL
at home via my DSL line across the Internet and through a
Cisco router acting as a firewall and NAT.
The router keeps responding with ICMP host unreachable, but
I know I can get to the machines in question.
I've opened a TAC case with Cisco to see what they had to
say. Having probably never even heard of IL, the engineer
has responded that he doesn't think IL is "NAT compliant".
My gut response is bollocks, but is there any reason that IL
wouldn't work through NAT other than Cisco hasn't written
the code to handle it?
--
Christopher Nielsen
cnielsen@pobox.com
* Re: [9fans] IL and NAT
From: Scott Schwartz @ 2000-11-17 23:56 UTC (permalink / raw)
To: 9fans
| My gut response is bollocks, but is there any reason that IL
| wouldn't work through NAT other than Cisco hasn't written
| the code to handle it?
That's exactly the problem with NAT. Every application has to be
specially hacked into the firewall.
To my way of thinking, it's much nicer to import /net from the firewall
instead.
* Re: [9fans] IL and NAT
From: Steve Kilbane @ 2000-11-18 14:20 UTC (permalink / raw)
To: cnielsen; +Cc: 9fans
> My gut response is bollocks, but is there any reason that IL
> wouldn't work through NAT other than Cisco hasn't written
> the code to handle it?
If I recall Firewall-1 correctly, you can bodge up support for
rare protocols by specifying some low-level transformation rules:
if (value at offset x) == y, change bytes elsewhere accordingly.
I was only skimming docs at the time, and never got around to
reading it in detail, so I might be completely wrong. Point is,
though, does your Cisco support something similar?
As for it going into the Cisco base product (from which an entire
range of Cisco units are produced), I'd put the chances at approximately
equal to the market: practically none. Even if you gave them the code
for free, they'd have to make sure it didn't break anything else, and
that'd cost them.
steve
* Re: [9fans] IL and NAT
From: geoff @ 2000-11-18 0:17 UTC (permalink / raw)
To: 9fans
NAT routers generally have to rewrite port numbers (not just IP
addresses) for protocols that use them, and port numbers are at
different offsets and of potentially different sizes in different
protocols' headers. IL's port numbers appear later than TCP's and
UDP's, for example. NAT routers will generally understand the headers
of TCP, UDP and ICMP at minimum, but I haven't encountered one yet
that understood IL (even Lucent's own).
Contrary to what Scott just said, it's not each application that has
to be added to a NAT router, but each protocol that rides directly on
IP (or beside it).
* Re: [9fans] IL and NAT
From: Christopher Nielsen @ 2000-11-18 0:50 UTC (permalink / raw)
To: 9fans
On Fri, 17 Nov 2000 geoff@x.bell-labs.com wrote:
> NAT routers generally have to rewrite port numbers (not
> just IP addresses) for protocols that use them, and
> port numbers are at different offsets and of
> potentially different sizes in different protocols'
> headers. IL's port numbers appear later than TCP's and
> UDP's, for example. NAT routers will generally
> understand the headers of TCP, UDP and ICMP at minimum,
> but I haven't encountered one yet that understood IL
> (even Lucent's own).
That makes perfect sense, and if I would have been a little
more patient and thought it through, I probably would have
figured that out.
That said, I have some sway with Cisco's development team,
so I _might_ be able to get them to implement support for
IL. I'll let you know how it goes.
--
Christopher Nielsen
cnielsen@pobox.com
* Re: [9fans] IL and NAT
From: Boyd Roberts @ 2000-11-18 1:19 UTC (permalink / raw)
To: 9fans
From: <geoff@x.bell-labs.com>
> NAT routers generally have to rewrite port numbers (not just IP
> addresses) ...
yes, i tracked down a particularly nasty case of a firewall
doing NAT to UDP packets with a destination port of 53 [DNS].
i found that some DNS servers would not reply to requests
that didn't have a source port of 53; NAT having munged
the source address and port.
i would have found it a lot faster if my pleas for a
protocol analyser had been heeded -- i'd only been
bitching about it for a _year_. somehow i managed
to forge up some queries that demonstrated the
problem.
i also had the added stumbling block of not knowing or
being able to know the firewall's config. contractors
were prohibited from going near them, except when things
were _really_ screwed up.
``oh, but that's impossible, boyd... err, i see''.
* Re: [9fans] IL and NAT
From: Scott Schwartz @ 2000-11-18 3:02 UTC (permalink / raw)
To: 9fans
| Contrary to what Scott just said, it's not each application that has
| to be added to a NAT router, but each protocol that rides directly on
| IP (or beside it).
Isn't it the case that some applications, like ftp, encode ip address
and port information in application layer traffic, which NAT has to
account for? Linux seems to have code to handle that sort of stuff
(linux/net/ipv4/ip_masq*).
* Re: [9fans] IL and NAT
From: geoff @ 2000-11-18 3:21 UTC (permalink / raw)
To: 9fans
I'm not sure; it's certainly possible that individual applications do
such things.
The usual problem with ftp is that by default ftp clients, especially
older ones, tend to trigger connections back from the target system to
port 20. ftp's so-called ``passive'' mode forces the connections to
be placed from the initiating system and avoids this problem.
* Re: [9fans] IL and NAT
From: Theo Honohan @ 2000-11-18 13:53 UTC (permalink / raw)
To: 9fans
geoff@x.bell-labs.com wrote:
> scott wrote:
> >
> > Isn't it the case that some applications, like ftp, encode ip address
> > and port information in application layer traffic, which NAT has to
> > account for? Linux seems to have code to handle that sort of stuff
> > (linux/net/ipv4/ip_masq*).
>
> I'm not sure; it's certainly possible that individual applications do
> such things.
I think Scott's right. All viable NAT products do this, although it's not
strictly part of NAT. A search for "NAT" on Cisco's site confirms
that they support the use of "PORT" in ftp, and a slew of features of
other protocols that would otherwise be broken by NAT.
* Re: [9fans] IL and NAT
From: anothy @ 2000-11-18 6:32 UTC (permalink / raw)
To: 9fans, cnielsen
//That said, I have some sway with Cisco's
//development team, so I _might_ be able to
//get them to implement support for IL.
ooh, that'd be embarrassing. Cisco supporting a
protocol developed at Bell Labs that Lucent's
own products don't support. er, or does Lucent
not do that sort of thing any more? maybe we
should go talk to Avaya...
-α.
* Re: [9fans] IL and NAT
From: presotto @ 2000-11-18 14:04 UTC (permalink / raw)
To: 9fans
we don't do any in home stuff, that all goes off with avaya and Microelectronics,
our 2 current spin offs. Orinoco (aka wavelan) also goes with micro.
* Re: [9fans] IL and NAT
From: nigel @ 2000-11-18 18:42 UTC (permalink / raw)
To: 9fans
Before we are too down on NAT implementations, there is a distinction
between NAT and NAPT, according to various RFCs and associated
documents.
NAT means what is says: address translation. NAPT means address and
port. You can simply translate addresses and maintain the port, but
this means that typically only one internal node can communicate. If
you do this, then the protocol is irrelevant, and IL would pass
through.
In fact, since it has been mentioned, Lucent devices (neé Ascend),
worked this way until it became apparent that Cisco had implemented
NAPT and they rolled out the full monty. They called it "single address
translation".
Once you choose to translate ports as well, as has been said, you need
to understand where the ports are; for TCP and UDP it is in the same place,
so they get done. It is completely unsurprising that other protocols aren't.
ICMP gets done because it's dull if you can't traceroute and ping. It takes
hacks, but it can be done.
FTP is depressing. Anyone out there designing protocols: take note, don't
embed IP addresses in the stream.
Others are as bad, or insoluble: luckily, they are less important, like IRC
or RealAudio.
On top of this, to create some 'reliability', commercial NAT routers
have a list of TCP and UDP ports which they are prepared to translate.
'Known good' if you like. My Pipeline 75 does not do POP3
automatically. I had to tell it to, despite the protestations of the
manuals. I looked for a software update, but since Lucent bought
them, this doesn't happen any more. Some other products, I
understand, refuse straightforward protocols like POP3 despite best
efforts.
So, the summary is use 9p over TCP, not IL, unless you can rewrite
your router. This is becoming easier since both FreeBSD and Linux
have WAN drivers, and NAT code.
As it happens, all translation in FreeBSD is done using a library,
with plug-ins for various awkward protocols. Fix the library, and all
the various translators (natd, pppd, pppoed) would all fall into
line. Modifying the implementation to do IL would be straightforward
I think.
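Geoff's point about per-protocol port offsets and Nigel's NAT/NAPT distinction, as an added Python example that is not code from the thread: a toy translator over constructed IPv4 packets that can rewrite addresses for any protocol but can rewrite ports only for protocols whose header it knows. The IL layout (checksum, length, type, spec, then the ports at offsets 6 and 8), IL's IP protocol number 40, and the claim that IL's checksum covers only the IL header and payload are all assumptions taken from Plan 9's il.c, not stated in the thread.

```python
"""Address-only NAT versus NAPT on constructed IPv4 packets (no sockets).

Assumptions (not from the thread): IL is IP protocol 40; its header is
ilsum(2) illen(2) iltype(1) ilspec(1) ilsrc(2) ildst(2) ilid(4) ilack(4)
and its checksum covers only the IL header and data, as in Plan 9's il.c.
"""
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_IL = 6, 17, 40

# What an NAPT box must know per protocol: where the ports sit in the transport
# header, where its checksum sits, and whether that checksum includes an IP
# pseudo-header (then even address-only NAT has to fix it).  TCP and UDP share
# the first layout; IL keeps its ports six bytes later.
LAYOUT = {
    IPPROTO_TCP: {"sport": 0, "dport": 2, "csum": 16, "pseudo": True},
    IPPROTO_UDP: {"sport": 0, "dport": 2, "csum": 6, "pseudo": True},
    IPPROTO_IL:  {"sport": 6, "dport": 8, "csum": 0, "pseudo": False},
}


def csum16(data):
    """RFC 1071 one's-complement checksum; odd-length data is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def fix_checksums(buf, force=False):
    """Recompute the IP header checksum and, for protocols in LAYOUT, the
    transport checksum in place.  A UDP checksum of 0 means 'none' and is
    left alone unless force is set (used when constructing packets)."""
    ihl = (buf[0] & 0x0F) * 4
    proto = buf[9]
    buf[10:12] = b"\x00\x00"
    struct.pack_into("!H", buf, 10, csum16(bytes(buf[:ihl])))
    lay = LAYOUT.get(proto)
    if lay is None:
        return                      # unknown protocol: transport left untouched
    seg = buf[ihl:]                 # copy of the transport header + payload
    if proto == IPPROTO_UDP and seg[6:8] == b"\x00\x00" and not force:
        return
    seg[lay["csum"]:lay["csum"] + 2] = b"\x00\x00"
    covered = bytes(seg)
    if lay["pseudo"]:               # src, dst, zero, proto, length
        covered = bytes(buf[12:20]) + struct.pack("!BBH", 0, proto, len(seg)) + covered
    c = csum16(covered)
    if proto == IPPROTO_UDP and c == 0:
        c = 0xFFFF
    struct.pack_into("!H", buf, ihl + lay["csum"], c)


def build(proto, src, dst, sport=0, dport=0, payload=b""):
    """Construct a minimal IPv4 packet (constructed sample data, IHL=5)."""
    if proto == IPPROTO_TCP:        # seq 1, ack 1, data offset 5, ACK, window 8192
        hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x10, 8192, 0, 0)
    elif proto == IPPROTO_UDP:
        hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    elif proto == IPPROTO_IL:       # ilsum, illen, iltype (Ildata assumed = 1), ilspec, ports, id, ack
        hdr = struct.pack("!HHBBHHII", 0, 18 + len(payload), 1, 0, sport, dport, 1, 1)
    else:
        hdr = b""                   # any other protocol: opaque bytes after the IP header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(hdr) + len(payload),
                     0x1234, 0x4000, 64, proto, 0, ip_bytes(src), ip_bytes(dst))
    buf = bytearray(ip + hdr + payload)
    fix_checksums(buf, force=True)
    return bytes(buf)


def nat(pkt, side, new_ip, new_port=None):
    """Rewrite the 'src' or 'dst' address (NAT) and optionally its port (NAPT).

    Address-only translation needs nothing beyond the IP header, so IL passes.
    Port translation needs the protocol's port offsets; for a protocol not in
    LAYOUT the box can only refuse, which is the verdict the thread ran into.
    """
    buf = bytearray(pkt)
    ihl = (buf[0] & 0x0F) * 4
    proto = buf[9]
    off = 12 if side == "src" else 16
    buf[off:off + 4] = ip_bytes(new_ip)
    if new_port is not None:
        lay = LAYOUT.get(proto)
        if lay is None:
            raise ValueError("NAPT: port offsets unknown for IP protocol %d" % proto)
        struct.pack_into("!H", buf, ihl + lay["sport" if side == "src" else "dport"], new_port)
    fix_checksums(buf)
    return bytes(buf)


def checksums_ok(pkt):
    """True when the IP header and (known) transport checksums verify."""
    ref = bytearray(pkt)
    fix_checksums(ref)
    return bytes(ref) == pkt


def ports(pkt):
    """(sport, dport) as an NAPT box reads them, or None if the protocol is unknown."""
    lay = LAYOUT.get(pkt[9])
    if lay is None:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    return (struct.unpack_from("!H", pkt, ihl + lay["sport"])[0],
            struct.unpack_from("!H", pkt, ihl + lay["dport"])[0])
```

Reading IL's ports at TCP's offsets would hand the box the IL checksum and length instead, which is why a router that only knows TCP/UDP/ICMP cannot translate it.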
* Re: [9fans] IL and NAT
From: Theo Honohan @ 2000-11-18 19:00 UTC (permalink / raw)
To: 9fans
nigel@9fs.org wrote:
>
> Before we are too down on NAT implementations, there is a distinction
> between NAT and NAPT, according to various RFCs and associated
> documents.
Yes, quite. I didn't mean to be "down on" simple NAT implementations;
OTOH, I do still think it's fair to say that you need to do both NAT
and NAPT to be a viable product, these days.
* Re: [9fans] IL and NAT
From: Boyd Roberts @ 2000-11-18 19:24 UTC (permalink / raw)
To: 9fans
From: <nigel@9fs.org>
> In fact, since it has been mentioned, Lucent devices (neé Ascend),
you mean: née; the feminine past participle of the verb 'naître' [to be born].
the past participle is 'né' and is conjugated with 'être' [to be]. it's highly
irregular, as most verbs, in the past tense, are conjugated with 'avoir' [to
have].
je suis né [i was born]
je suis née [if i was female]
bit like 'mourir' [to die]:
je suis mort
je suis morte
where normally you'd use 'avoir', except for movement and reflexive verbs:
j'ai deconné [i screwed up or pissed about]
and no 'e' on the end of the past participle if you conjugate with 'avoir'.
but i digress :-) je déconne...
* [9fans] fs administration: how do people update multi-user fs?
From: Axel Belinfante @ 2003-02-14 15:02 UTC (permalink / raw)
To: 9fans
Just wondering how people who have multiple users using
their fs deal with fs permissions during update from sources.
(in case it makes a difference: non-fossil, but I assume
that the basic questions are independent of fs impl)
Planned down-time to run the update? Or update on-the-fly?
Use `allow' on boot? Use `allow' from console?
How do you avoid that those who do not run the update
profit (even just by accident) from the `allow' flag?
`Hangup' together with `noattach'?
Or is this all just a non-issue?
For updating on-the-fly, I'm wondering whether it would
help to add a version of the console `allow' command
that takes a uid, in the same way as duallow does.
Browsed the fs source; hacking it in does not seem to
be a problem, but, since it is not there yet, it seems
that people can live without it, hence I'm wondering:
what do others do?
Axel.
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Russ Cox @ 2003-02-14 15:16 UTC (permalink / raw)
To: 9fans
I removed the -u flag from /dist/replica/network
and just run as me. Since I'm in group sys I have
permissions enough to do a pull. There's no need
for allowing.
This mirrors the way the Plan 9 file server at Bell Labs
runs. We don't "su to root" or anything like that to
install new binaries; we do it as ourselves, and make
sure our accounts have the right permissions. Some
people who were more wary of having such permissions
all the time have maintained two accounts, e.g. glenda and
glendasys, switching to glendasys to do administrative
work. That's still a far cry from root.
(Doing the software packaging I became painfully aware
of how bad Unix is in this regard. It was impossible to
test my installations without su'ing to root. You'd think
that some Unix would take the hint and use group permissions
so that you didn't have to be root to install potentially
untrusted pieces of software that come with custom build
scripts.)
Allow is useful to get started, and I made it the
default in the pull scripts for kfs because kfs is
usually a single-user system and allowing solved the
problem of remembering to be in group sys, but in
general I think it's a bigger hammer than you need.
If you're running your own file server, then I have
no problem with forcing you to figure out group sys.
A few people have proposed a per-uid allow or a
per-connection allow for the purposes of updating,
but to me, it feels way too much like root. I like
the fact that you can't "allow" except when starting
the file system.
Russ
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Ronald G. Minnich @ 2003-02-14 15:20 UTC (permalink / raw)
To: 9fans
On Fri, 14 Feb 2003, Russ Cox wrote:
> (Doing the software packaging I became painfully aware
> of how bad Unix is in this regard. It was impossible to
> test my installations without su'ing to root. You'd think
> that some Unix would take the hint and use group permissions
> so that you didn't have to be root to install potentially
> untrusted pieces of software that come with custom build
> scripts.)
A few things I've noticed in recent years, esp. on Linux
- you need to be root more than you used to
- more privileged ports, not less
- more setuid-root stuff, not less
- code that used to be portable to many systems now has trouble
compiling on non-Linux systems
Things are going downhill in the OS monoculture.
ron
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Jack Johnson @ 2003-02-14 17:16 UTC (permalink / raw)
To: 9fans
Ronald G. Minnich wrote:
> A few things I've noticed in recent years, esp. on Linux
> - you need to be root more than you used to
> - more privileged ports, not less
I know this is off-topic for this list, but would you be willing to
elaborate a bit?
I agree with you in the other areas, but it seems that we're trading
services, not necessarily adding services. SSH for telnet and ftp, so
yes, maybe setuid-root, but we add a privileged port and drop two. We
might add Samba or netatalk to a system that already has NFS shares, but
the reasons they're privileged ports seem to be outside the hands of the
Linux community, and most of the added privileged ports seem to be
running as unique users now, instead of all running as root.
It also seems like increased usage of chrooted/jailed services has made
things slightly better, even though it's still privileged, and yes,
still a mess.
Are there better ways? Sure, but you're not likely to see them widely
implemented anytime soon. As long as Linux continues to accrete
functionality to accommodate Someone Else's OS the prevalent services
will always be less than desired, but I don't see it as any worse than
it was five years ago, just more of the same.
I'm always surprised that there isn't more prevalent bootstrapping going
on in the client world for halfway decent services. I wouldn't mind
seeing an SFS client for Windows, or heck, even Java. Though I think
OSX will let you have WebDAV home directories now, there should be some
facility for arbitrary-service-home-directory for PAM.
(Is the 9P on Python project still in existence?)
-Jack
* Re: [9fans] fs administration: how do people update multi-user fs?
From: andrey mirtchovski @ 2003-02-14 17:28 UTC (permalink / raw)
To: 9fans
On Fri, 14 Feb 2003, Jack Johnson wrote:
> It also seems like increased usage of chrooted/jailed services has made
> things slightly better, even though it's still privileged, and yes,
> still a mess.
>
> Are there better ways?
[snip]
It was pointed out to me recently that after ten years of mulling with the
implementation of "proper" jail/chroot environment (i.e. one that is not
trivially b0rken) the FreeBSD security people have arrived at the
conclusion that "something akin to Plan9's private namespaces may not be a
bad idea"... Indeed it takes time, but sooner or later Linux/*BSD will adopt
the ideas from Plan9 (some they have already -- devfs comes as an example).
We need to do something before that time comes, otherwise no matter how bad
their implementations are, everybody will say "well, I use linux because
it's good enough" and everything will be lost...
andrey
ps: In a recent conversation I heard a person say "I can't for the life of me
figure out how to play [some brand spanking new video format] in Windows! In
Linux it just works."
Times have changed, haven't they?
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Ronald G. Minnich @ 2003-02-14 17:42 UTC (permalink / raw)
To: 9fans
On Fri, 14 Feb 2003, andrey mirtchovski wrote:
> It was pointed to me recently that after ten years of mulling with the
> implementation of "proper" jail/chroot environment (i.e. one that is not
> trivially b0rken) the FreeBSD security people have arrived at the
> conclusion that "something akin to Plan9's private namespaces may not be a
> bad idea"...
wow, I first started trying to get them interested in this in 1996. No
interest of any kind. Looks like we have a time constant ... 7 years. At
least it's prime.
ron
* Re: [9fans] fs administration: how do people update multi-user fs?
From: northern snowfall @ 2003-02-14 18:04 UTC (permalink / raw)
To: 9fans
>wow, I first started trying to get them interested in this in 1996. No
>interest of any kind. Looks like we have a time constant ... 7 years. At
>least it's prime.
The thing that bugs me about this is that the FreeBSD team wasn't
interested in private namespaces until they started researching the
NSA's work on SELinux. (Quoting from FreeBSD developers)
Plan9 has done this for ... how long.... yet, its work just isn't as
important as, say, the NSA...
Don
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Roman V. Shaposhnick @ 2003-02-16 22:28 UTC (permalink / raw)
To: 9fans
On Fri, Feb 14, 2003 at 10:28:11AM -0700, andrey mirtchovski wrote:
> On Fri, 14 Feb 2003, Jack Johnson wrote:
> Indeed it takes time, but sooner or later Linux/*BSD will adopt
> the ideas from Plan9 (some they have already -- devfs comes as an example).
Speaking about Linux in general and devfs in particular I'd trade
adopting the ideas for adopting the code style and cleanliness without
a hint of hesitation.
As for ideas, last time I spoke with Al Viro, he told me that implementing
full blown namespaces will upset looserland tremendously. So, he's not
doing it.
Thanks,
Roman.
P.S. Yes, I know, every time somebody mentions devfs -- I have this itch
to scratch ;-)
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Ronald G. Minnich @ 2003-02-14 17:47 UTC (permalink / raw)
To: 9fans
On Fri, 14 Feb 2003, Jack Johnson wrote:
> Ronald G. Minnich wrote:
> > A few things I've noticed in recent years, esp. on Linux
> > - you need to be root more than you used to
> > - more privileged ports, not less
>
> I agree with you in the other areas, but it seems that we're trading
> services, not necessarily adding services.
yeah but. Some are new, some old, some just moved, all assume that priv
ports somehow covers the problems. Each one of these new nice services
makes you more vulnerable. The problem is we're continuing to glue stuff
onto a system that probably can't be fixed, and nobody seems to care too
much. Priv ports have been known to be a hack forever, but we use them
more than ever. This seems a bad trend.
I was also thinking of the move of the NFS port from 2049 to priv space.
That was a really insecure protocol, and it still is: people seem to feel
that moving it to priv space somehow made things better. Kind of funny,
isn't it? After all, nobody can just boot dos and run a little code,
right?
ron
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Lucio De Re @ 2003-02-14 15:33 UTC (permalink / raw)
To: 9fans
On Fri, Feb 14, 2003 at 10:16:47AM -0500, Russ Cox wrote:
>
> I removed the -u flag from /dist/replica/network
> and just run as me. Since I'm in group sys I have
> permissions enough to do a pull. There's no need
> for allowing.
>
You can't create new files, though, and assign them sys as owner or
special permissions. Unless of course you manage to log in as "sys".
> [ ... ]
>
> Russ
Well, I'll be flattered, Russ manages to mirror my sentiments pretty
accurately. That should worry him.
++L
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Russ Cox @ 2003-02-14 15:37 UTC (permalink / raw)
To: 9fans
> You can't create new files, though, and assign them sys as owner or
> special permissions. Unless of course you manage to log in as "sys".
right, removing -u does not set the owners.
the owners don't matter anyway.
you can certainly set the permissions to
whatever you want, though -- you're the owner!
* [9fans] chown in fossil
From: Fco.J.Ballesteros @ 2003-02-14 16:08 UTC (permalink / raw)
To: 9fans
When you try to chown a file in fossil, you sometimes get
an error like `attempting to change length of a directory entry'.
Is that a bug or a feature? I was going to take a look at it
but don't know if that's the intended behaviour.
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Christopher Nielsen @ 2003-02-15 2:56 UTC (permalink / raw)
To: 9fans
On Fri, Feb 14, 2003 at 05:33:50PM +0200, Lucio De Re wrote:
> On Fri, Feb 14, 2003 at 10:16:47AM -0500, Russ Cox wrote:
> >
> > I removed the -u flag from /dist/replica/network
> > and just run as me. Since I'm in group sys I have
> > permissions enough to do a pull. There's no need
> > for allowing.
> >
> You can't create new files, though, and assign them sys as owner or
> special permissions. Unless of course you manage to log in as "sys".
Why do you need to assign them to be owned by sys?
I find it better to be owned by the person that
made the changes. Better for tracking who made
changes to what last.
--
Christopher Nielsen - Metal-wielding pyro techie
madhatter@teaparty.org
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Geoff Collyer @ 2003-02-15 3:03 UTC (permalink / raw)
To: 9fans
`ls -m' will tell you who last modified a file; there's no need for
ownership to also tell you that.
* Re: [9fans] fs administration: how do people update multi-user fs?
From: Christopher Nielsen @ 2003-02-15 4:38 UTC (permalink / raw)
To: 9fans
On Fri, Feb 14, 2003 at 07:03:36PM -0800, Geoff Collyer wrote:
>
> `ls -m' will tell you who last modified a file; there's no need for
> ownership to also tell you that.
Oh! Very cool. I did not know that. That's what I get
for not reading the man page. :-)
--
Christopher Nielsen - Metal-wielding pyro techie
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen
2003-02-15 3:03 ` Geoff Collyer
@ 2003-02-15 3:13 ` Scott Schwartz
2003-02-15 4:39 ` Christopher Nielsen
2003-02-15 4:48 ` Andrew
2003-02-15 9:49 ` Lucio De Re
2003-02-15 15:53 ` Kenji Arisawa
3 siblings, 2 replies; 48+ messages in thread
From: Scott Schwartz @ 2003-02-15 3:13 UTC (permalink / raw)
To: 9fans
| Why do you need to assign them to be owned by sys?
| I find it better to be owned by the person that
| made the changes. Better for tracking who made
| changes to what last.
The fileserver has a field for last-person; that's a different idea
than owner.
On a system with lots of users, maybe you want important files to be
owned by a virtual user in case one of the humans leaves and their
account gets deleted or otherwise needs to have its power reduced.
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 3:13 ` Scott Schwartz
@ 2003-02-15 4:39 ` Christopher Nielsen
2003-02-15 4:48 ` Andrew
1 sibling, 0 replies; 48+ messages in thread
From: Christopher Nielsen @ 2003-02-15 4:39 UTC (permalink / raw)
To: 9fans
On Fri, Feb 14, 2003 at 10:13:15PM -0500, Scott Schwartz wrote:
>
> The fileserver has a field for last-person; that's a different idea
> than owner.
>
> On a system with lots of users, maybe you want important files to be
> owned by a virtual user in case one of the humans leaves and their
> account gets deleted or otherwise needs to have its power reduced.
Very good point.
--
Christopher Nielsen - Metal-wielding pyro techie
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 3:13 ` Scott Schwartz
2003-02-15 4:39 ` Christopher Nielsen
@ 2003-02-15 4:48 ` Andrew
2003-02-15 16:20 ` Dan Cross
1 sibling, 1 reply; 48+ messages in thread
From: Andrew @ 2003-02-15 4:48 UTC (permalink / raw)
To: 9fans
> On a system with lots of users, maybe you want important files to be
> owned by a virtual user in case one of the humans leaves and their
> account gets deleted or otherwise needs to have its power reduced.
>
perhaps an update (not root) account specifically for updating would
work? I'm gearing up to get my system worked out and am not sure what
would be the best way to do all this either.
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 4:48 ` Andrew
@ 2003-02-15 16:20 ` Dan Cross
0 siblings, 0 replies; 48+ messages in thread
From: Dan Cross @ 2003-02-15 16:20 UTC (permalink / raw)
To: 9fans
> perhaps an update (not root) account specifically for updating would
> work? I'm gearing up to get my system worked out and am not sure what
> would be the best way to do all this either.
Why not just give sys a password and login as it when you need to
do a pull?
- Dan C.
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen
2003-02-15 3:03 ` Geoff Collyer
2003-02-15 3:13 ` Scott Schwartz
@ 2003-02-15 9:49 ` Lucio De Re
2003-02-15 14:18 ` Russ Cox
2003-02-15 15:53 ` Kenji Arisawa
3 siblings, 1 reply; 48+ messages in thread
From: Lucio De Re @ 2003-02-15 9:49 UTC (permalink / raw)
To: 9fans
On Fri, Feb 14, 2003 at 06:56:41PM -0800, Christopher Nielsen wrote:
>
> Why do you need to assign them to be owned by sys?
> I find it better to be owned by the person that
> made the changes. Better for tracking who made
> changes to what last.
>
Tidiness and public release. And the new history(1) command records
the last change effector anyway.
I get a little uncomfortable when a file in an archive is owned by
"rob" and there is no "rob" in my /adm/users. I do appreciate that
this gets corrected, but having files owned by "none" as a result is
even more disconcerting. And difficult to fix.
++L
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 9:49 ` Lucio De Re
@ 2003-02-15 14:18 ` Russ Cox
2003-02-15 15:29 ` Lucio De Re
0 siblings, 1 reply; 48+ messages in thread
From: Russ Cox @ 2003-02-15 14:18 UTC (permalink / raw)
To: 9fans
> I get a little uncomfortable when a file in an archive is owned by
> "rob" and there is no "rob" in my /adm/users. I do appreciate that
> this gets corrected, but having files owned by "none" as a result is
> even more disconcerting. And difficult to fix.
I'm not sure what you're talking about. If you pull with
the -u flag in your scripts, then copied files will be owned
by sys, despite being owned by rob or whoever on sources.
If you don't have it, they'll be owned by lucio or whoever runs
pull.
In no case should you end up with files owned by rob or by none.
Russ
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 14:18 ` Russ Cox
@ 2003-02-15 15:29 ` Lucio De Re
2003-02-16 14:20 ` Russ Cox
0 siblings, 1 reply; 48+ messages in thread
From: Lucio De Re @ 2003-02-15 15:29 UTC (permalink / raw)
To: 9fans
On Sat, Feb 15, 2003 at 09:18:09AM -0500, Russ Cox wrote:
>
> In no case should you end up with files owned by rob or by none.
>
In the more general case of unwinding an archive such as tar files,
I'm sure I've had situations where a non-existent user was translated
to "none".
But I've had so many dicky installations of Plan 9, from 2ed to the
present, that I could have been hoisting myself on my own petard.
Still, I have seen odd situations, so I'm sure the warning is not
unjustified.
++L
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 15:29 ` Lucio De Re
@ 2003-02-16 14:20 ` Russ Cox
2003-02-16 14:30 ` Lucio De Re
0 siblings, 1 reply; 48+ messages in thread
From: Russ Cox @ 2003-02-16 14:20 UTC (permalink / raw)
To: 9fans
> Still, I have seen odd situations, so I'm sure the warning is not
> unjustified.
I agree -- I think that the wrap tools might have done this.
My point was just that with the current tools you should never
get files owned by anyone but you and system accounts.
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-16 14:20 ` Russ Cox
@ 2003-02-16 14:30 ` Lucio De Re
2003-02-16 14:36 ` Russ Cox
0 siblings, 1 reply; 48+ messages in thread
From: Lucio De Re @ 2003-02-16 14:30 UTC (permalink / raw)
To: 9fans
On Sun, Feb 16, 2003 at 09:20:39AM -0500, Russ Cox wrote:
>
> > Still, I have seen odd situations, so I'm sure the warning is not
> > unjustified.
>
> I agree -- I think that the wrap tools might have done this.
> My point was just that with the current tools you should never
> get files owned by anyone but you and system accounts.
This could be taken to mean that there was a time when "none" was the
default destination file owner if the source owner was not recognised
on the destination host, and that none of the currently in use tools
manifest this behaviour any more.
The reason I'm being pedantic is that I'd like to be sure that this
behaviour is not something hidden in the file handling somewhere that
will return to haunt those of us who are not aware of it. If it is,
then it would be good to have it documented.
++L
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-16 14:30 ` Lucio De Re
@ 2003-02-16 14:36 ` Russ Cox
0 siblings, 0 replies; 48+ messages in thread
From: Russ Cox @ 2003-02-16 14:36 UTC (permalink / raw)
To: 9fans
When a file is created, it is owned by the person who created it.
If you logged into a kfs system using a user name that was
not in /adm/users, then to kfs you are logged in as `none'.
If you are using a tool that sets the owner of a file
on a kfs system in allow mode, then kfs does not check
that you ask for a valid uid. If you ask for a user not
in /adm/users, it will use `none'.
The file server kernel and fossil are both much more
paranoid -- they will not let you log in and will not let
you chown when the users don't exist.
Kfs was never meant to be more than a crutch. The fact
that it is the most commonly used file server on Plan 9
is little more than an unfortunate historical accident.
Russ
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen
` (2 preceding siblings ...)
2003-02-15 9:49 ` Lucio De Re
@ 2003-02-15 15:53 ` Kenji Arisawa
2003-02-15 16:00 ` Lucio De Re
3 siblings, 1 reply; 48+ messages in thread
From: Kenji Arisawa @ 2003-02-15 15:53 UTC (permalink / raw)
To: 9fans
On Fri, Feb 14, 2003 at 10:16:47AM -0500, Russ Cox wrote:
>
> I removed the -u flag from /dist/replica/network
> and just run as me. Since I'm in group sys I have
> permissions enough to do a pull. There's no need
> for allowing.
>
I would like to agree with Russ but some old files have permissions:
--rw-r--r-- M 161 sys sys 24982 Dec 12 1999 troff/FIXES
--rw-r--r-- M 161 sys sys 1168 Dec 12 1999 troff/README
--rw-r--r-- M 161 sys sys 9115 Dec 12 1999 troff/dwbinit.c
--rw-r--r-- M 161 sys sys 491 Dec 12 1999 troff/dwbinit.h
--rwxr-xr-x M 161 sys sys 15 Dec 12 1999 troff/find
Kenji Arisawa
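Two checks from the thread lend themselves to a small audit script: Russ Cox's point that kfs in allow mode will silently assign the owner `none` to a file whose requested owner is not in /adm/users, and Kenji Arisawa's listing of files that are mode rw-r--r-- and owned by sys, which a puller who is merely a member of group sys cannot overwrite. The script below is an added example written for this page, not code from the thread or from the Plan 9 distribution. It parses Plan 9 `ls -l` output in the layout shown in Kenji's message and a constructed /adm/users in the `id:name:leader:members` layout (the layout, the sample entries, and the choice to treat a group leader as a member are assumptions), then reports files owned by `none` or by a user absent from /adm/users, and files a given puller could not write under plain owner/group/other permission checks.

```python
import re

# Constructed /adm/users sample (assumption: id:name:leader:members layout).
ADM_USERS = """\
adm:adm:adm:sys,glenda
sys:sys:sys:glenda
glenda:glenda:glenda:
none:none::
"""

# Constructed ls -l output in the Plan 9 layout seen in the thread:
# mode devtype devno owner group size month day time-or-year name
# The first two lines are Kenji's; the rest are made up for the audit.
LS_OUTPUT = """\
--rw-r--r-- M 161 sys sys 24982 Dec 12  1999 troff/FIXES
--rwxr-xr-x M 161 sys sys 15 Dec 12  1999 troff/find
--rw-rw-r-- M 161 glenda sys 512 Feb 15  2003 troff/notes
--rw-r--r-- M 161 none none 73 Feb 15  2003 troff/orphan
--rw-r--r-- M 161 rob sys 200 Feb 15  2003 troff/stale
"""

# Eleven-character mode string, then whitespace-separated fields; the name
# is everything after the date so names containing spaces survive.
LS_RE = re.compile(
    r'^(?P<mode>\S{11})\s+(?P<dev>\S+)\s+(?P<devno>\d+)\s+(?P<owner>\S+)\s+'
    r'(?P<group>\S+)\s+(?P<size>\d+)\s+(?P<mon>\w{3})\s+(?P<day>\d+)\s+'
    r'(?P<tm>\S+)\s+(?P<name>.+)$')


def parse_users(text):
    """Return {name: set of members} from /adm/users text.

    Assumption: the group leader counts as a member for write checks."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith('#'):
            continue
        fields = line.split(':')
        if len(fields) < 4:
            continue
        _uid, name, leader, members = fields[:4]
        mem = {m for m in members.split(',') if m}
        if leader:
            mem.add(leader)
        users[name] = mem
    return users


def parse_ls(text):
    """Parse ls -l lines into dicts; unknown layouts raise rather than pass."""
    entries = []
    for line in text.splitlines():
        m = LS_RE.match(line)
        if not m:
            raise ValueError('unrecognised ls -l line: ' + line)
        entries.append(m.groupdict())
    return entries


def can_write(entry, user, users):
    """Plain owner/group/other check; ignores that an owner may chmod."""
    perms = entry['mode'][2:]          # skip the two type flag columns
    owner_w = perms[1] == 'w'
    group_w = perms[4] == 'w'
    other_w = perms[7] == 'w'
    if user == entry['owner'] and owner_w:
        return True
    if user in users.get(entry['group'], set()) and group_w:
        return True
    return other_w


def audit(ls_text, users_text, puller):
    """Return (files with unknown or 'none' owner, files puller cannot write)."""
    users = parse_users(users_text)
    unknown, not_writable = [], []
    for e in parse_ls(ls_text):
        if e['owner'] == 'none' or e['owner'] not in users:
            unknown.append(e['name'])
        if not can_write(e, puller, users):
            not_writable.append(e['name'])
    return unknown, not_writable


if __name__ == '__main__':
    for who in ('glenda', 'sys'):
        unknown, ro = audit(LS_OUTPUT, ADM_USERS, who)
        print(who, 'unknown owner:', unknown)
        print(who, 'not writable:', ro)
```

Run against the constructed data, the audit shows that a puller in group sys still cannot overwrite the 1999 troff files, which is exactly why the thread keeps returning to `allow`, a `sys` login, or a dedicated update account; the owner check surfaces the `none` and stale-owner files Lucio De Re was uneasy about.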
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-15 15:53 ` Kenji Arisawa
@ 2003-02-15 16:00 ` Lucio De Re
2003-02-15 16:22 ` Dan Cross
2003-02-15 17:58 ` Russ Cox
0 siblings, 2 replies; 48+ messages in thread
From: Lucio De Re @ 2003-02-15 16:00 UTC (permalink / raw)
To: 9fans
On Sun, Feb 16, 2003 at 12:53:40AM +0900, Kenji Arisawa wrote:
> >
> I would like to agree with Russ but some old files have permissions:
> --rw-r--r-- M 161 sys sys 24982 Dec 12 1999 troff/FIXES
> --rw-r--r-- M 161 sys sys 1168 Dec 12 1999 troff/README
> --rw-r--r-- M 161 sys sys 9115 Dec 12 1999 troff/dwbinit.c
> --rw-r--r-- M 161 sys sys 491 Dec 12 1999 troff/dwbinit.h
> --rwxr-xr-x M 161 sys sys 15 Dec 12 1999 troff/find
>
I think that a special CPU/AUTH server with permission to speak for
"sys" is called for. Altering the /lib/ndb/auth files is one option,
another is to have a small host just for things like this.
Or am I missing something?
++L
* Re: [9fans] fs administration: how do people update multi-user fs?
2003-02-14 15:16 ` Russ Cox
2003-02-14 15:20 ` Ronald G. Minnich
2003-02-14 15:33 ` Lucio De Re
@ 2003-02-14 16:16 ` Dan Cross
2 siblings, 0 replies; 48+ messages in thread
From: Dan Cross @ 2003-02-14 16:16 UTC (permalink / raw)
To: 9fans
> I like the fact that you can't "allow" except when starting
> the file system.
In the current file server (not fossil), you can ``allow'' from the
console when it's up and running (and then ``disallow''). I just wish
you could toggle none attaches, as well. I can wait for fossil to take
over, though.
btw- I still like the idea of /dist/replica/inst and /dist/replica/site;
is there any chance of getting such things sanctioned by the powers that
be and put on sources?
- Dan C.