Date: Sat, 2 Aug 2003 12:09:26 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 35406 for review
Message-ID: <200308021909.h72J9Qeo024015@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=35406

Change 35406 by rwatson@rwatson_paprika on 2003/08/02 12:08:44

	Notes on devfs, file creation modes.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#7 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#7 (text+ko) ====
@@ -1461,24 +1461,37 @@ <title>UFS Protections on Creation</title> <para> -requested creation mode -umask -ACL mask +When file system objects are created, their default ownership and +protection is a property of a variety of creation parameters: the +credential and umask of the process creating the object, the +requested creation mode for the operation, and the protections on +the parent directory (specifically, the default ACL). + +Note: composition of default ACL, umask, and cmode, are as defined +in POSIX.1e; some other systems use alternative compositions. </para> </sect4> <sect4 id="secarch-devfsprot"> - <title>Device file system default protections</title> -<para> -devfs full of synthetic special objects, not explicitly created by -any user -- rather, the system. + <title>Device file system protections</title> +<para>The device file system permits user processes to access system +devices through the file abstraction. + +Entries in devfs may represent hardware devices (such as disks and +serial ports), abstractions layered over hardware devices (such as +disk partitions), or pseudo-devices (such as pseudo-terminals). + +The protections on device objects are a product of the permissions +on the synthetic file system objects, and any additional security +checks in the device implementation itself. + +The device file system assigns initial ownership and permissions +based on two elements: defaults specified by the device driver, +combined with a devfs ruleset. -each device has default owner and protections set by the implementation -of the object; however, as device access requirements are frequently -specific to the environment, the devfs rules system may be used to -set new default, as well as update all current protections. +Device file system rulesets... -XXX +Common requested modes and uid/gids for new device nodes </para> <para>help
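Review bot: In the secarch-devfsprot section, the trailing fragments "Device file system rulesets..." and "Common requested modes and uid/gids for new device nodes" are unfinished stubs left inside the <para>, while the "XXX" marker that flagged the section as incomplete is removed. Either keep an explicit XXX marker or move the stubs into an SGML comment so they do not render as body text. The new wording also covers only "initial ownership and permissions" and drops the removed text's point that the devfs rules system can "update all current protections"; since that affects how an administrator tightens access to device nodes that already exist, a sentence on it should come back. In both sections the blocks separated by blank lines sit inside a single <para>, so they will render as one run-on paragraph; split them into separate <para> elements, and consider wrapping the "Note:" text in the UFS section in <note>. In that same note, "cmode" is never defined; use "requested creation mode" as in the sentence before it.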
