From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <ee9e417a050131195635420e71@mail.gmail.com>
Date: Mon, 31 Jan 2005 22:56:17 -0500
From: Russ Cox <russcox@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] remove files in /srv
In-Reply-To: <05b7ca7e8285696ad011d8d8b359dc20@orthanc.cc.titech.ac.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <05b7ca7e8285696ad011d8d8b359dc20@orthanc.cc.titech.ac.jp>
Topicbox-Message-UUID: 3b5e0698-eace-11e9-9e20-41e7f4b1d025

 > Anyone can replace files in /srv.  Bad things won't
> happen if /srv/boot has been replaced by a malicious user?

#s/boot is explicitly unremovable.

> Therefore, how about changing '#s' so that only file owner
> or host owner can remove the file?

This won't work well.  9fs alice creates /srv/alice as the user
who runs it, but if the connection is lost and someone else
runs 9fs alice, then they need permission to remove it and
replace it. 

It's not at all clear what the right answer is.  The users have
to trust themselves in /srv.

Russ