From owner-freebsd-arch@FreeBSD.ORG  Sun May  4 19:43:04 2003
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 04B2237B401; Sun,  4 May 2003 19:43:04 -0700 (PDT)
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 43FDF43F3F; Sun,  4 May 2003 19:43:02 -0700 (PDT)
	(envelope-from bde@zeta.org.au)
Received: from katana.zip.com.au (katana.zip.com.au [61.8.7.246])
	by mailman.zeta.org.au (8.9.3p2/8.8.7) with ESMTP id MAA08778;
	Mon, 5 May 2003 12:42:51 +1000
Date: Mon, 5 May 2003 12:42:50 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: Kirk McKusick <mckusick@beastie.mckusick.com>
In-Reply-To: <200305042351.h44Np2Th017215@beastie.mckusick.com>
Message-ID: <20030505113734.I6343@gamplex.bde.org>
References: <200305042351.h44Np2Th017215@beastie.mckusick.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: arch@FreeBSD.org
cc: Brian Buhrow <buhrow@lothlorien.nfbcal.org>
cc: Jens Schweikhardt <schweikh@FreeBSD.org>
Subject: Re: Access times on executables (kern/25777) 
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2003 02:43:04 -0000

On Sun, 4 May 2003, Kirk McKusick wrote:

> 	From: Bruce Evans <bde@zeta.org.au>
> ...
> 	This doesn't work unless the user has permission to change the atime
> 	using utimes(2) with a non-NULL times pointer.
> ...
> OK, so how about instead of use VOP_SETATTR, we just try to VOP_READ
> one byte of data. It will run with the speed of read (and indeed since
> we just mapped in the header above, the data should be in the cache).
> It has the benefit of speed and not requiring the user to own the file.
> It has the drawback of requiring that the file be readable though most
> executables are set to be readable.

It would work better than that.  VOP_READ() works right here since the
permissions checks are done at the vfs level at open(2) time, not on every
VOP_READ() or read(2).

I think VOP_SETATTR() should work similarly: do permissions checks at
the vfs level using VOP_ACCESS() instead of in every file system, so
that there is less duplicated code and the permissions checks don't
get in the way when you don't want them.  This change is now easy for
at least setting times.  In Lite2, ufs_setattr() had to dereference
`ip' for its permissions check for times, but this detail is now pushed
down to VOP_ACCESS() using the VADMIN flag.  There is a new reference
to `ip' for SF_SNAPSHOT, but this is unrelated to normal permissions
except it can cause EPERM to be returned for reasons not documented
in utimes.2.

Bruce