Date: Thu, 26 Dec 1996 22:41:06 +0100 (MET) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-hackers@freebsd.org (FreeBSD hackers) Cc: owensc@enc.edu, ben@narcissus.ml.org Subject: Re: multi-group file access techniques / directory hardlinks Message-ID: <199612262141.WAA00148@uriah.heep.sax.de> In-Reply-To: <Pine.FBS.3.93.961226140036.24466D-100000@dingo.its.enc.edu> from Charles Owens at "Dec 26, 96 02:40:15 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
As Charles Owens wrote: > > Directory hardlinks are impossible in FreeBSD. They have been > > discontinued quite some time ago. > > Uhhh... well, sort of. At least as of 2.1.6 it is still possible to use > ln(1) to create directory hardlinks using an undocumented flag. > 3. The official FreeBSD stance (that I seem to be hearing) that > directory hardlinks are unsupported is based on: > > a. the insufficient status of the tool support (previous point) > - and/or - > b. the fact that directory hardlinks are dangerous in the > hands of the uncareful. c. the fact that directory hardlinks have been discontinued in 2.2. 2.1.6 did indeed still support it, since this was a new feature, hence it didn't go into the 2.1.x tree. They are not only dangerous in the hands of the uncareful, but they are dangerous at all. As i wrote earlier, fsck did _always_ complain about additional hardlinks, so it was always an error to even try it. > As I stated in my original posting (on Dec 18), my goal is to come up with > an optimum technique for allowing multiple groups controlled access to a > file tree. It's probably better to concentrate on a one group per user technique, and put all the other people who are allowed mutually into secondary groups. The ugly old limits for secondary groups have just been killed (but this won't be in 2.2 yet). The experience on freefall proves that this concept is workable, although there's still a tool missing where a user can invite and de-invite others into his group. Maybe i'm missing something here, but it seems to me that those secondary groups should do what you want. David Nugent also suggested to me in private mail that he is thinking of a .db file for the group list as well, so speed issues might also go away soon. > A recent *article in 'Sys Admin' deals with this problem. One of the two > techniques suggested relies on the use of directory hardlinks, which is > why I'm currently interested in the topic. Even in systems that support them, they were only allowed for root users anyway. In order to remove such an extraneous hardlink, you had to bypass any and all validation tests in the kernel (as it is e.g. done if a directory is not empty, but you try rmdir'ing it). Finally, we aren't the first disallowing directory hardlinks. I personally know Data General's DG/UX which used to disallow this misfeature at least since 1990, Linux doesn't allow this, and i think there were even more systems. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612262141.WAA00148>