From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: Date: Sat, 27 Nov 2004 12:27:13 -0500 From: Russ Cox To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu> Subject: Re: [9fans] namespace construction In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <6dbd1b06e8bd4108e89b29d6e692b81f@plan9.ucalgary.ca> <200411262259.iAQMxj920959@zamenhof.cs.utwente.nl> Topicbox-Message-UUID: 0d2a19ce-eace-11e9-9e20-41e7f4b1d025 > void > main(int argc, char *argv[]) > { > rfork(RFCNAMEG); > bind("#c", "/dev", MAFTER); > execute("/boot/factotum", "factotum -n"); > print_owner("/mnt/factotum/ctl") > } > > where execute() is fork + exec + wait > and print_owner prints file owner. > > then the program will print "alice" > however if bind is commented out, it print "none" > Is this a specification ? Factotum reads /dev/user to learn its user name. > 2nd: > > we will find the line: > ai = fauth_proxy(afd, rpc, amount_getkey, "proto=p9any > role=client"); > in /sys/src/libauth/newns.c > note that user name is not specified here. > this can cause unexpected result. > for example, let factotum key for alice is: > key proto=p9sk1 dom=aichi-u.ac.jp user=alice !password? > key proto=p9sk1 dom=aichi-u.ac.jp user=bob !password? > then fauth_proxy will always get alice's key and constructs namespace > for alice even if alice want to be bob. > another example is: > if alice puts factotum keys into secstore > key proto=p9sk1 dom=aichi-u.ac.jp user=bob !password? > key proto=p9sk1 dom=aichi-u.ac.jp user=alice !password? > then alice will surprise to find that the namespace is not for alice. > why user is not specified in fauth_proxy ? The convention in Plan 9 is that the first usable key gets used. If the user name had to be specified, then that would just be one more thing to worry about that usually doesn't matter -- most of the time there is exactly one key that works. If alice wants to be bob, she can set up a different factotum with bob's keys first or comment out her own key. Not having to specify the user name means that I can mount file systems from multiple systems, where I might be rsc, or rcox, or russcox, or rscox2, or whatever else, without having to explicitly tell newns about all of these. Instead my factotum can fill in the details. It might be useful for users to be able to specify, on a per mount basis, which key to use, but newns is not a per-user thing -- that code sets up the name space for any user, not just alice, using files in /lib, so there's no place to put special annotations like "when I'm alice, use bob's key here." Note that if you're using mount or cpu instead of newns then you can use -k with a key pattern to specifiy a key. For example, mount -k 'user=bob' to force the mount to try only keys with user=bob. Russ