From: blstuart@bellsouth.net
To: 9fans@9fans.net
Subject: Re: [9fans] permissions
Date: Sun, 17 Oct 2010 15:17:19 -0400 [thread overview]
Message-ID: <b93762966de1d684ad29c8d3b39b2397@bellsouth.net> (raw)
In-Reply-To: <dcd4eb315f7c3bedba98069625268d07@plug.quanstro.net>
>> >Right. Aside from the persistent data file servers, like kfs,
>> >kenfs, and fossil (as Erik mentioned), there's not much that
>> >treats groups in the expected way.
>>
>> So if you'll continue to pardon my asking, who exactly tells a given
>> file server what constitutes a user or a group? In this particular
>> instance, I'm running fossil (without Venti) as the filesystem. So
>> then, doesn't /adm/users come from fossil? Wouldn't that mean that
>> it's fossil's responsibility to enforce permissions?
>
> in the current system, it's always the file server's responsiblity
> to maintain a list of users/groups as it sees fit. there is no
> central authority on users or groups. however, it's generally a
> very good idea to keep the user names in the authentication database
> in sync with your main file server. but there's no enforcement of
> this other than the host owner of the fileserver must exist in the
> auth database and the password must match. the host owner of
> the file server need not be in /adm/users at all!
Just to add a few bits. A file server only learns of the user on
whose behalf the client is making requests in the attach message.
>From then on, the server can do whatever it wants with that
information. It can implement the traditional user-group-world
permissions. It can implement access control lists. It can do
a user name translation and say that Bob will always get Alice's
priviliges. It can do anything it wants, because it's handling
the open request and will either succeed it for fail it and the
client reacts accordingly.
Another thing to note is that every file server can have a different
set of users and groups. Your fossil file system has one set
of users and groups you've defined. When you do a 9fs sources,
you attach to another file server with a completely different
set. In fact, there's no requirement that the intersection of
the sets be non-empty.
Finally, if we try to make the in-kernel file servers borrow
another file server's user/group list, there are some annoying
complications. If I have several file servers, which user list
do I use? The first thought would be to have it know about
/adm/users, but each process might have a different, or no,
/adm/users in its name space. Plus, there's a chicken and
egg problem. The server which gives you /dev/sd00/nvram
has to approve of the attach when fossil wants to open its
/dev/sd00/fossil, but until fossil has opened it, there's no
way of knowing what's in /adm/users on that particular fossil.
So for in-kernel file servers, it's best to look at them as hostowner
and world and forget about groups. For lib9p based servers,
you can link in a different implementation of hasperm() and
get whatever permissions checking you want, but the default
behavior is to assume that the named group has exactly one
member: the group leader.
BLS
next prev parent reply other threads:[~2010-10-17 19:17 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-17 5:35 Benjamin Huntsman
2010-10-17 6:00 ` Skip Tavakkolian
2010-10-17 6:19 ` erik quanstrom
2010-10-17 6:36 ` Benjamin Huntsman
2010-10-17 13:59 ` erik quanstrom
2010-10-17 16:01 ` blstuart
2010-10-17 16:11 ` erik quanstrom
2010-10-17 17:17 ` ron minnich
2010-10-17 18:11 ` Benjamin Huntsman
2010-10-17 18:18 ` erik quanstrom
2010-10-17 19:17 ` blstuart [this message]
2010-10-17 19:59 ` Benjamin Huntsman
2010-10-17 20:40 ` blstuart
2010-10-17 21:22 ` Benjamin Huntsman
2010-10-17 22:56 ` erik quanstrom
2010-10-18 9:00 ` Steve Simon
2010-10-18 9:29 ` dave.l
2010-10-18 9:34 ` Bruce Ellis
2010-10-18 11:07 ` Dave Eckhardt
2010-10-18 11:11 ` Bruce Ellis
2010-10-17 22:58 ` blstuart
2010-10-19 18:18 ` Nathaniel W Filardo
2010-10-17 23:00 ` erik quanstrom
-- strict thread matches above, loose matches on Subject: below --
2001-10-18 14:28 Russ Cox
2001-10-23 20:34 ` Matthew Hannigan
2001-10-24 8:44 ` Douglas A. Gwyn
2001-10-18 14:00 Russ Cox
2001-10-18 14:12 ` Lucio De Re
2001-10-18 13:56 Lucio De Re
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b93762966de1d684ad29c8d3b39b2397@bellsouth.net \
--to=blstuart@bellsouth.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).