Date:      Thu, 07 Oct 1999 07:41:06 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Pat Dirks <pwd@apple.com>
Cc:        "Brian Somers" <brian@Awfulhak.org>, "FreeBSD Hackers" <FreeBSD-Hackers@FreeBSD.ORG>
Subject:   Re: Apple's planned approach to permissions on movable filesystems
Message-ID:  <199910070641.HAA00312@hak.lan.Awfulhak.org>
In-Reply-To: Your message of "Wed, 06 Oct 1999 16:51:17 PDT." <199910062351.QAA21704@scv3.apple.com> 

> >[.....]
> >> Instead we decided to leave all name <-> ID mapping systems unchanged and 
> >> rely on a distinction between "local" filesystems whose permissions 
> >> information should be used and a "foreign" filesystem mode where owner 
> >> and group IDs are ignored.
> >[.....]
> >
> >I think the owner and group of the person that mounted the filesystem 
> >should be assigned to all files on that filesystem in FOREIGN mode.  
> >-u and -g switches should be permitted to modify these, the -u being 
> >restricted to root and the -g restricted to root or one of the groups 
> >to which you are a member.
> >
> >This assumes the BSD style I-must-have-permission-to-read-and-write-
> >the-raw-partition style filesystem mounting by users.  It would have 
> >horrendous implications with the linux-style fstab-says-anyone-can-
> >mount-this idea.  But then, you already mention this later on :-]
> >
> >The filesystem code would also mask all suid bits and ignore all 
> >char/device files on FOREIGN media (as you've already said too).
> 
> What do you see as the advantage of explicitly assigning ownership to the 
> mounting user/group?  The effect should be the same in either case?  I 
> suppose it allows an interesting middle-level of access to the group in 
> question?
[.....]

Well, the idea is that if I personally ``own'' the media, I'll want 
to put the appropriate permissions on files (eg, my private pgp key) 
and then carry it 'round in my back pocket.  I want to be able to 
access that 0600 file after mounting the media and I don't want 
anyone else to.  I think this ability would be a big plus.

In the case of root, they should be able to do all this for any user 
- they can anyway by simply switching uids.

Another thing that now occurs to me is that it should probably be 
possible for root to mount the disk as `user fred' but with groups 
as they are on the disk (and see below) - ie, I'm moving a disk from 
one system to another and those systems share the same groups, but 
not the users.

> In the case of Mac OS X we've got a daemon in the system looking for new 
> disks being inserted/attached and doing the mount.  We still want the 
> console user to have "ownership" of the filesystem in "foreign" mode.
[.....]

Ah, ok, so all files belong to that user - I didn't realise you'd 
said that.  This is what I'm after too, but the group side of things 
should be dealt with too so that I can give others group permissions 
to various bits on my disk.

Thinking about it, -g should probably allow some sort of mapping 
syntax where I can say map gid x to gid y and map gid a to gid b 
where I'm a member of groups y and b.  By default, map no groups 
(everything's owned by the magical nobody to which nobody is a 
member)....

-- 
Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>
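
The FOREIGN-mode rules discussed in this message (owner forced to the mounting user, -u limited to root, -g mappings limited to the caller's own groups, unmapped groups sent to nobody, suid bits masked, device nodes ignored), sketched as an added example that is not code from the thread, FreeBSD or Mac OS X. The struct and function names, the gid-map representation and the nobody gid of 65534 are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>

#define GID_NOBODY ((gid_t)65534)   /* assumed id for the "nobody" group */

struct gid_map { gid_t on_disk, local; };   /* one -g mapping (hypothetical) */
struct foreign_mount {
    uid_t owner;                    /* uid presented for every file */
    const struct gid_map *map;      /* requested gid mappings */
    size_t nmap;
};

/* Mount-time check: only root may pick another owner (-u); a non-root
 * caller may only map on-disk gids to groups the caller belongs to (-g). */
bool foreign_mount_allowed(uid_t caller, const gid_t *groups, size_t ngroups,
                           const struct foreign_mount *m)
{
    if (caller == 0)
        return true;
    if (m->owner != caller)
        return false;
    for (size_t i = 0; i < m->nmap; i++) {
        bool member = false;
        for (size_t j = 0; j < ngroups; j++)
            member = member || groups[j] == m->map[i].local;
        if (!member)
            return false;
    }
    return true;
}

/* Per-file translation. Returns false when the node must be ignored
 * (character/block device); otherwise fills in the presented attributes. */
bool foreign_present(const struct foreign_mount *m, mode_t disk_mode,
                     gid_t disk_gid, uid_t *uid, gid_t *gid, mode_t *mode)
{
    if (S_ISCHR(disk_mode) || S_ISBLK(disk_mode))
        return false;
    *uid = m->owner;
    *gid = GID_NOBODY;              /* default: unmapped groups go to nobody */
    for (size_t i = 0; i < m->nmap; i++)
        if (m->map[i].on_disk == disk_gid)
            *gid = m->map[i].local;
    /* Assumption: "all suid bits" covers both setuid and setgid. */
    *mode = disk_mode & ~(mode_t)(S_ISUID | S_ISGID);
    return true;
}
```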



