From owner-p4-projects@FreeBSD.ORG Sat Aug 2 12:09:29 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 438CC37B404; Sat, 2 Aug 2003 12:09:28 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0BE5637B401 for ; Sat, 2 Aug 2003 12:09:28 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5534343FAF for ; Sat, 2 Aug 2003 12:09:27 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h72J9R0U024018 for ; Sat, 2 Aug 2003 12:09:27 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h72J9Qeo024015 for perforce@freebsd.org; Sat, 2 Aug 2003 12:09:26 -0700 (PDT) Date: Sat, 2 Aug 2003 12:09:26 -0700 (PDT) Message-Id: <200308021909.h72J9Qeo024015@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 35406 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 19:09:29 -0000 http://perforce.freebsd.org/chv.cgi?CH=35406 Change 35406 by rwatson@rwatson_paprika on 2003/08/02 12:08:44 Notes on devfs, file creation modes. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#7 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#7 (text+ko) ==== @@ -1461,24 +1461,37 @@ UFS Protections on Creation -requested creation mode -umask -ACL mask +When file system objects are created, their default ownership and +protection is a property of a variety of creation parameters: the +credential and umask of the process creating the object, the +requested creation mode for the operation, and the protections on +the parent directory (specifically, the default ACL). + +Note: composition of default ACL, umask, and cmode, are as defined +in POSIX.1e; some other systems use alternative compositions. - Device file system default protections - -devfs full of synthetic special objects, not explicitly created by -any user -- rather, the system. + Device file system protections +The device file system permits user processes to access system +devices through the file abstraction. + +Entries in devfs may represent hardware devices (such as disks and +serial ports), abstractions layered over hardware devices (such as +disk partitions), or pseudo-devices (such as pseudo-terminals). + +The protections on device objects are a product of the permissions +on the synthetic file system objects, and any additional security +checks in the device implementation itself. + +The device file system assigns initial ownership and permissions +based on two elements: defaults specified by the device driver, +combined with a devfs ruleset. -each device has default owner and protections set by the implementation -of the object; however, as device access requirements are frequently -specific to the environment, the devfs rules system may be used to -set new default, as well as update all current protections. +Device file system rulesets... -XXX +Common requested modes and uid/gids for new device nodes