Date: Thu, 28 Nov 2013 08:04:25 +0100
From: Edward Tomasz Napierała <trasz@FreeBSD.org>
To: Harald Schmalzbauer <h.schmalzbauer@omnilan.de>
Cc: freebsd-stable@freebsd.org
Subject: Re: Feature request: sticky bit inheritance
Message-ID: <5FC93589-6AB1-4F43-98B3-C9281603A2AD@FreeBSD.org>
In-Reply-To: <5295DF79.8060400@omnilan.de>
References: <5295DF79.8060400@omnilan.de>

Message written by Harald Schmalzbauer on 27 Nov 2013, at 13:03:

> Hello,
>
> ever since I took a FreeBSD machine into production, acting as any kind
> of file server, I have to work around the problem, that write access to
> a directory implies unlinking (deleting) directory contents. Never heard
> any sensible explanation why anybody would ever want that behaviour, but
> it's been like that for decades and everybody seems to be fine with
> that!?! Maybe because there's the sticky bit, which is a usable workaround.
> Unfortunately, there's no “sticky” equivalent in nfs4acls.

One idea is to use NFSv4 ACLs and add an entry that denies delete_child and is
inherited by directories, i.e. "everyone@:D:d:deny". This should prevent
deletion despite write access.

--
If you cut off my head, what would I say? Me and my head, or me and my body?
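
An added example, not part of the original message: the suggested entry reads as tag `everyone@`, permission `D` (delete_child), inheritance flag `d` (dir_inherit), type `deny`, and the Python below decodes compact-form entries as printed by `getfacl` and checks that such a deny precedes any allow of delete_child, since NFSv4 ACL entries are evaluated in order. The function names, the sample ACL and its path are constructed for illustration; the check reads the ACL text only and does not model the kernel's full access decision.

```python
PERMS = {"r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
         "D": "delete_child", "d": "delete", "a": "read_attributes",
         "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
         "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize"}
FLAGS = {"f": "file_inherit", "d": "dir_inherit", "i": "inherit_only",
         "n": "no_propagate", "S": "successful_access", "F": "failed_access",
         "I": "inherited"}

def parse_entry(text):
    """Split one entry into who, permissions, inheritance flags and type."""
    fields = text.strip().split(":")
    # "user:" and "group:" entries carry a name, so their tag spans two fields.
    n_who = 2 if fields[0] in ("user", "group") else 1
    if len(fields) < n_who + 3:
        raise ValueError("not an NFSv4 ACL entry: %r" % text)
    perms, flags, kind = fields[n_who:n_who + 3]
    if kind not in ("allow", "deny", "audit", "alarm"):
        raise ValueError("unknown entry type: %r" % kind)
    return {"who": ":".join(fields[:n_who]),
            "perms": {PERMS[c] for c in perms if c != "-"},
            "flags": {FLAGS[c] for c in flags if c != "-"},
            "type": kind}

def denies_child_delete(getfacl_text):
    """True if an inheritable everyone@ deny of delete_child precedes any allow of it."""
    for line in getfacl_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and the "# file:" / "# owner:" header
        entry = parse_entry(line)
        if "delete_child" not in entry["perms"] or "inherit_only" in entry["flags"]:
            continue  # says nothing about delete_child on this directory itself
        if entry["type"] == "allow":
            return False  # someone is granted delete_child before the deny
        if entry["type"] == "deny" and entry["who"] == "everyone@":
            return "dir_inherit" in entry["flags"]
    return False  # no explicit deny found

# Constructed getfacl-style output for a hypothetical shared directory.
SAMPLE = """\
# file: /export/share
# owner: root
         everyone@:----D---------:-d-----:deny
            owner@:rwxp--aARWcCos:fd-----:allow
            group@:rwxp--a-R-c--s:fd-----:allow
         everyone@:r-x---a-R-c--s:fd-----:allow
"""

if __name__ == "__main__":
    print("delete_child denied and inherited:", denies_child_delete(SAMPLE))
```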