From: Brian Somers
To: Pat Dirks
Cc: "Brian Somers", "FreeBSD Hackers"
Subject: Re: Apple's planned approach to permissions on movable filesystems
In-reply-to: Your message of "Wed, 06 Oct 1999 16:51:17 PDT." <199910062351.QAA21704@scv3.apple.com>
Date: Thu, 07 Oct 1999 07:41:06 +0100
Message-Id: <199910070641.HAA00312@hak.lan.Awfulhak.org>

> >[.....]
> >> Instead we decided to leave all name <-> ID mapping systems unchanged and
> >> rely on a distinction between "local" filesystems whose permissions
> >> information should be used and a "foreign" filesystem mode where owner
> >> and group IDs are ignored.
> >[.....]
> >
> >I think the owner and group of the person that mounted the filesystem
> >should be assigned to all files on that filesystem in FOREIGN mode.
> >-u and -g switches should be permitted to modify these, the -u being
> >restricted to root and the -g restricted to root or one of the groups
> >to which you are a member.
> >
> >This assumes the BSD style I-must-have-permission-to-read-and-write-
> >the-raw-partition style filesystem mounting by users. It would have
> >horrendous implications with the linux-style fstab-says-anyone-can-
> >mount-this idea. But then, you already mention this later on :-]
> >
> >The filesystem code would also mask all suid bits and ignore all
> >char/device files on FOREIGN media (as you've already said too).
>
> What do you see as the advantage of explicitly assigning ownership to the
> mounting user/group? The effect should be the same in either case? I
> suppose it allows an interesting middle-level of access to the group in
> question?
[.....]

Well, the idea is that if I personally ``own'' the media, I'll want
to put the appropriate permissions on files (eg, my private pgp key)
and then carry it 'round in my back pocket. I want to be able to
access that 0600 file after mounting the media and I don't want anyone
else to. I think this ability would be a big plus.

In the case of root, they should be able to do all this for any user -
they can anyway by simply switching uids.

Another thing that now occurs to me is that it should probably be
possible for root to mount the disk as `user fred' but with groups as
they are on the disk (and see below) - ie, I'm moving a disk from one
system to another and those systems share the same groups, but not
the users.

> In the case of Mac OS X we've got a daemon in the system looking for new
> disks being inserted/attached and doing the mount. We still want the
> console user to have "ownership" of the filesystem in "foreign" mode.
[.....]

Ah, ok, so all files belong to that user - I didn't realise you'd
said that. This is what I'm after too, but the group side of things
should be dealt with too so that I can give others group permissions
to various bits on my disk.

Thinking about it, -g should probably allow some sort of mapping
syntax where I can say map gid x to gid y and map gid a to gid b
where I'm a member of groups y and b. By default, map no groups
(everything's owned by the magical nobody to which nobody is a
member)....

-- 
Brian

Don't _EVER_ lose your sense of humour !
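
The FOREIGN-mode rules proposed in the message above, written out as an added C example (it is not code from this thread, from FreeBSD or from Mac OS X). The names `gid_map`, `foreign_mount`, `foreign_mount_allowed` and `foreign_attrs`, the value 65534 for the "nobody" group, and masking setgid along with setuid are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#define GID_NOBODY ((gid_t)65534)  /* assumed gid of a group with no members */
struct gid_map { gid_t on_disk, local; };  /* one "-g" mapping entry (hypothetical) */
struct foreign_mount {
    uid_t owner;                   /* every file appears owned by this uid */
    const struct gid_map *map; size_t nmap;  /* empty by default: nothing mapped */
};

static int in_groups(gid_t g, const gid_t *groups, size_t n) {
    for (size_t i = 0; i < n; i++) if (groups[i] == g) return 1;
    return 0;
}

/* Mount-time check: only root may choose another owner (-u); a non-root
 * caller may map on-disk gids only to groups it is a member of (-g). */
int foreign_mount_allowed(uid_t caller, const gid_t *groups, size_t ngroups,
                          const struct foreign_mount *m) {
    if (caller == 0) return 1;
    if (m->owner != caller) return 0;
    for (size_t i = 0; i < m->nmap; i++)
        if (!in_groups(m->map[i].local, groups, ngroups)) return 0;
    return 1;
}

/* Per-file view. Returns -1 for character/block devices, which are ignored
 * on FOREIGN media; otherwise fills in the ownership and mode to present. */
int foreign_attrs(const struct foreign_mount *m, gid_t disk_gid, mode_t disk_mode,
                  uid_t *uid, gid_t *gid, mode_t *mode) {
    if (S_ISCHR(disk_mode) || S_ISBLK(disk_mode)) return -1;
    *uid = m->owner;               /* the on-disk uid is never consulted */
    *gid = GID_NOBODY;             /* unmapped gids fall through to nobody */
    for (size_t i = 0; i < m->nmap; i++)
        if (m->map[i].on_disk == disk_gid) { *gid = m->map[i].local; break; }
    *mode = disk_mode & ~(mode_t)(S_ISUID | S_ISGID);  /* setgid too: assumption */
    return 0;
}

int main(void) {  /* constructed sample: uid 1001, member of groups 100 and 200 */
    const gid_t mine[] = {100, 200};
    const struct gid_map map[] = {{500, 100}};
    const struct foreign_mount m = {1001, map, 1};
    uid_t u; gid_t g; mode_t md;
    if (!foreign_mount_allowed(1001, mine, 2, &m)) return 1;
    if (foreign_attrs(&m, 500, 0104755, &u, &g, &md) != 0) return 1;
    printf("uid=%u gid=%u mode=%o\n", (unsigned)u, (unsigned)g, (unsigned)md);
    return 0;
}
```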