Date: Sun, 3 Aug 2003 14:26:27 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 35437 for review Message-ID: <200308032126.h73LQROm042890@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=35437 Change 35437 by rwatson@rwatson_paprika on 2003/08/03 14:25:56 More notes on file permissions and UFS protections, to be fleshed out into text later. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#8 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#8 (text+ko) ==== @@ -1376,7 +1376,7 @@ </sect4> <sect4 id="secarch-ufsmode"> - <title>UFS Mode Field</title> + <title>UFS Owner and Mode Fields</title> <para></para> @@ -1392,20 +1392,35 @@ generally implemented only at open() for files, per operation for directories -file - write - read - execute +file, device, fifo + write write/append file contents, truncate file, map writable + read read file contents, map readable + execute permission to execve() apply to data of file; also user namespace extended attributes system namespace extended attributes require suser - admin limited to owner, suser + admin limited to owner + + additional protections may apply to device objects as implemented + by the device driver. + +socket + write (connect) + read unused + execute unused + +symlink + permissions have no effect on symlink operations directory - write - read - execute + write (insert, delete) + read (list) + execute (lookup) + sticky bit special protection for objects in directory + must be object owner or directory owner to + delete/replace entries in the directory, + regardless of permissions apply to data of directory; also user namespace extended attributes system namespace extended attributes require suser 
@@ -1467,6 +1482,29 @@ requested creation mode for the operation, and the protections on the parent directory (specifically, the default ACL). +New UFS file system objects will be assigned the effective uid +of the authorizing credential as their owner uid. + +New UFS file system objects will be assigned a group equal to the +group of the directory in which the object is created. + +Setgid flag removed from new file system objects if the creating +credential is not a member of the group. + +Processes requesting the creation of the file provide two elements +used to calculate the new object's mode bits: an explicit creation +mode argument to the call creating the object, and an implicit +process umask, set by the umask() system call, which masks the +creation mode. + +In addition, the setgid bit will not be included in the mode of +a new object even if requested, if the object does not have a +group that appears in the process credential effective or extended +group. + +The sticky bit is only permitted for directory objects if the +authorizing credential is not privileged. + Note: composition of default ACL, umask, and cmode, are as defined in POSIX.1e; some other systems use alternative compositions. </para>
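Review bot: In the first hunk (@@ -1376) the retitled section "UFS Owner and Mode Fields" is still followed by an empty `<para></para>`; since the new title promises coverage of the owner fields as well as the mode, that paragraph should either introduce the owner uid/gid and mode bits (the material later added in the @@ -1467 hunk) or be dropped so the section does not render an empty paragraph under the heading.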
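Review bot: In the second hunk (@@ -1392) the sticky bit text "must be object owner or directory owner to delete/replace entries in the directory, regardless of permissions" reads as if directory write permission is no longer needed, yet the same entry lists write as "(insert, delete)"; suggest "in addition to the write permission on the directory required for insert/delete". Also, the "admin" line is changed from "limited to owner, suser" to "limited to owner" while the line above it still says system namespace extended attributes "require suser"; either keep ", suser" on the admin line or state once that privilege overrides are described elsewhere, so the two lines are not read as contradicting each other.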