From owner-freebsd-current@FreeBSD.ORG Thu Nov 28 08:27:17 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3B5746E7; Thu, 28 Nov 2013 08:27:17 +0000 (UTC) Received: from s1.omnilan.de (s1.omnilan.de [217.91.127.234]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id AD72B1D32; Thu, 28 Nov 2013 08:27:16 +0000 (UTC) Received: from titan.inop.wdn.omnilan.net (titan.inop.wdn.omnilan.net [172.21.3.1]) (authenticated bits=0) by s1.omnilan.de (8.13.8/8.13.8) with ESMTP id rAS8RCYe026792 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 28 Nov 2013 09:27:12 +0100 (CET) (envelope-from h.schmalzbauer@omnilan.de) Message-ID: <5296FE5B.6050208@omnilan.de> Date: Thu, 28 Nov 2013 09:27:07 +0100 From: Harald Schmalzbauer Organization: OmniLAN User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; de-DE; rv:1.9.2.8) Gecko/20100906 Lightning/1.0b2 Thunderbird/3.1.2 MIME-Version: 1.0 To: Julian Elischer Subject: Re: Feature request: sticky bit inheritance References: <5295DFAD.5070402@omnilan.de> <52960DB5.3090209@freebsd.org> <52961B25.3020109@omnilan.de> <529688DF.2010600@freebsd.org> In-Reply-To: <529688DF.2010600@freebsd.org> X-Enigmail-Version: 1.1.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig2E4C172526AE87581B107F4F" Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Nov 2013 08:27:17 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig2E4C172526AE87581B107F4F Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Bez=C3=BCglich Julian Elischer's Nachricht vom 28.11.2013 01:05 (localti= me): > On 11/28/13, 12:17 AM, Harald Schmalzbauer wrote: >> Bez=C3=BCglich Julian Elischer's Nachricht vom 27.11.2013 16:20 >> (localtime): >>> On 11/27/13, 8:03 PM, Harald Schmalzbauer wrote: >>>> Hello, >>>> >>>> ever since I took a FreeBSD machine into production, acting as any >>>> kind >>>> of file server, I have to work arround the problem, that write >>>> access to >>>> a directory implies unlinking (deleting) directory contents. >>> not sure I fully understand what you mean by that.. >>> Do you mean write access implies delete access? yes.. >>> >>> This can be modified with the nounlink flag. >> The uunlink flags also prohibits the owner to delete his files as far = as >> I know. I want to prohibt users from deleting =E2=80=9Cforeign=E2=80=9D= files, even if >> the user has write access to the parent directory (and I wanted to >> explain that I don't understand why anybody would want that a user wit= h >> write access to a directory can delete files on which the user doesn't= >> have write access). > > You can always unlink a file that is not yours if you own the directory= =2E > because the ability to unlink is purely dependent on the directory. > You don't change the file, and it may in fact have other links I have an idea why this kind of permission ist default: It's more expensive to extra check the file permission copmpared to only check the directory permission, the only part which will be altered any way. I guess having the sticky bit set by default would cause extra I/O+check, which might have been too expensive in the past=E2=80=A6 So the default w= as to do as less work as needed?!? =2E.. >> I'd need every child directory of directories, who have the sticky bit= >> set, also to have the sticky bit. The same behaviour as with the gid =E2= =80=93 >> it's the same as the parent has for new directories. > "patches accepted" :-) Besides horrible C skills, I have no idea where and how to start :-( I hoped somebody else with deeper knowledge is also suffering badly and someone could at least estimate the effort (in hours) needed to implement a inhert-stickybit kernconf option, or even better, a sysctl. Maybe I can pay for it. Thanks, -Harry --------------enig2E4C172526AE87581B107F4F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAlKW/mAACgkQLDqVQ9VXb8hzKwCeLmlUvMcvXzRsqBtWlcxqEH4g /bIAoJEnSE6HObbV4d341S/0iQvPp8l5 =QHPy -----END PGP SIGNATURE----- --------------enig2E4C172526AE87581B107F4F--