9fans - fans of the OS Plan 9 from Bell Labs
From: Russ Cox <russcox@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] namespace construction
Date: Sat, 27 Nov 2004 12:27:13 -0500
Message-ID: <ee9e417a041127092747edb039@mail.gmail.com>
In-Reply-To: <D877FC06-406B-11D9-9E13-000393A941BC@ar.aichi-u.ac.jp>

> void
> main(int argc, char *argv[])
> {
>         rfork(RFCNAMEG);
>         bind("#c", "/dev", MAFTER);
>         execute("/boot/factotum", "factotum -n");
>         print_owner("/mnt/factotum/ctl");
> }
> 
> where execute() is fork + exec + wait
> and print_owner prints file owner.
> 
> then the program will print "alice"
> however if bind is commented out, it prints "none"
> Is this a specification ?

Factotum reads /dev/user to learn its user name.

> 2nd:
> 
> we will find the line:
>         ai = fauth_proxy(afd, rpc, amount_getkey, "proto=p9any role=client");
> in /sys/src/libauth/newns.c
> note that user name is not specified here.
> this can cause unexpected result.
> for example, let factotum key for alice is:
>         key proto=p9sk1 dom=aichi-u.ac.jp user=alice !password?
>         key proto=p9sk1 dom=aichi-u.ac.jp user=bob !password?
> then fauth_proxy will always get alice's key and constructs namespace
> for alice even if alice wants to be bob.
> another example is:
> if alice puts factotum keys into secstore
>         key proto=p9sk1 dom=aichi-u.ac.jp user=bob !password?
>         key proto=p9sk1 dom=aichi-u.ac.jp user=alice !password?
> then alice will be surprised to find that the namespace is not for alice.
> why user is not specified in fauth_proxy ?

The convention in Plan 9 is that the first usable key gets used.
If the user name had to be specified, then that would just be
one more thing to worry about that usually doesn't matter -- most
of the time there is exactly one key that works.  

If alice wants to be bob, she can set up a different factotum 
with bob's keys first or comment out her own key.

Not having to specify the user name means that I can mount file
systems from multiple systems, where I might be rsc, or rcox, or
russcox, or rscox2, or whatever else, without having to explicitly
tell newns about all of these.  Instead my factotum can fill in the
details.  It might be useful for users to be able to specify, on a
per mount basis, which key to use, but newns is not a per-user
thing -- that code sets up the name space for any user, not just
alice, using files in /lib, so there's no place to put special annotations
like "when I'm alice, use bob's key here."

Note that if you're using mount or cpu instead of newns then you
can use -k with a key pattern to specify a key.  For example,
mount -k 'user=bob' to force the mount to try only keys with
user=bob.

Russ
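The "first usable key" rule and the narrowing effect of a key pattern discussed in this thread, modelled as an added example. This is not factotum or libauth source; it is a small Python model that parses key lines in the format quoted above (constructed keys for alice and bob in the aichi-u.ac.jp domain) and treats a key as usable when every attribute in the pattern matches. The pattern strings, the `choose_identity` helper and the name `KEYS_ALICE_FIRST` / `KEYS_BOB_FIRST` are assumptions for illustration; real factotum matching has more rules (secret attributes, prompting, protocol negotiation via p9any) than this model.

```python
"""Model of factotum's "first usable key" rule and key-pattern narrowing.

Added example, not Plan 9 or factotum code.  Key lines use the
syntax quoted in the thread; everything else is a simplification.
"""


def parse_key(line):
    """Parse 'key proto=p9sk1 dom=x user=alice !password?' into a dict.

    Attributes without '=' (such as the secret prompt '!password?')
    are kept as flags with an empty value.
    """
    fields = line.split()
    if not fields or fields[0] != "key":
        raise ValueError("not a key line: %r" % line)
    attrs = {}
    for f in fields[1:]:
        if "=" in f:
            k, v = f.split("=", 1)
            attrs[k] = v
        else:
            attrs[f] = ""
    return attrs


def parse_pattern(pattern):
    """Parse a key pattern such as 'proto=p9sk1 user=bob' into a dict."""
    attrs = {}
    for f in pattern.split():
        k, v = f.split("=", 1)
        attrs[k] = v
    return attrs


def matches(key, pattern):
    """A key is usable when every attribute the pattern names agrees."""
    return all(key.get(k) == v for k, v in pattern.items())


def first_usable_key(keys, pattern):
    """The convention from the thread: scan in order, take the first match."""
    for key in keys:
        if matches(key, pattern):
            return key
    return None


def choose_identity(keyfile, pattern):
    """Return the 'user' attribute of the key that would be picked, or None."""
    keys = [parse_key(l) for l in keyfile.splitlines() if l.strip()]
    key = first_usable_key(keys, parse_pattern(pattern))
    return key.get("user") if key else None


# Constructed key files, in the two orderings the thread describes.
KEYS_ALICE_FIRST = """
key proto=p9sk1 dom=aichi-u.ac.jp user=alice !password?
key proto=p9sk1 dom=aichi-u.ac.jp user=bob !password?
"""

KEYS_BOB_FIRST = """
key proto=p9sk1 dom=aichi-u.ac.jp user=bob !password?
key proto=p9sk1 dom=aichi-u.ac.jp user=alice !password?
"""

# What a newns-style request looks like in this model: the server's
# protocol and domain are known, but no user is named (assumption).
UNSPECIFIED = "proto=p9sk1 dom=aichi-u.ac.jp"
# What 'mount -k user=bob' adds on top of that (assumption).
FORCE_BOB = "proto=p9sk1 dom=aichi-u.ac.jp user=bob"


if __name__ == "__main__":
    # Ordering decides the identity when the user is left unspecified.
    print("alice first, no user:", choose_identity(KEYS_ALICE_FIRST, UNSPECIFIED))
    print("bob first,   no user:", choose_identity(KEYS_BOB_FIRST, UNSPECIFIED))
    # A key pattern makes the choice independent of ordering.
    print("alice first, user=bob:", choose_identity(KEYS_ALICE_FIRST, FORCE_BOB))
    # No matching key at all: nothing is usable.
    print("user=carol:", choose_identity(KEYS_ALICE_FIRST, "user=carol"))
```

Run it directly to see the two orderings give different identities for the unspecified pattern and the same identity once `user=bob` is in the pattern; this is the difference between the newns case and the `mount -k` case in the reply above.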


Thread overview: 7+ messages
2004-09-07  0:09 [9fans] sokoban YAMANASHI Takeshi
2004-09-07  0:13 ` andrey mirtchovski
2004-09-07  0:34   ` Russ Cox
2004-11-26 22:59     ` Axel Belinfante
2004-11-27 11:59       ` [9fans] namespace construction arisawa
2004-11-27 15:38         ` Heiko Dudzus
2004-11-27 17:27         ` Russ Cox [this message]