Date: Thu, 26 Dec 1996 19:30:43 -0500 (EST) From: Charles Owens <owensc@enc.edu> To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de> Cc: FreeBSD hackers <freebsd-hackers@freebsd.org>, ben@narcissus.ml.org Subject: Re: multi-group file access techniques / directory hardlinks Message-ID: <Pine.FBS.3.93.961226183435.24907A-100000@dingo.its.enc.edu> In-Reply-To: <199612262141.WAA00148@uriah.heep.sax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 26 Dec 1996, J Wunsch wrote:
> As Charles Owens wrote:
>
> > > Directory hardlinks are impossible in FreeBSD. They have been
> > > discontinued quite some time ago.
> >
> > Uhhh... well, sort of. At least as of 2.1.6 it is still possible to use
> > ln(1) to create directory hardlinks using an undocumented flag.
>
> > 3. The official FreeBSD stance (that I seem to be hearing) that
> > directory hardlinks are unsupported is based on:
> >
> > a. the insufficient status of the tool support (previous point)
> > - and/or -
> > b. the fact that directory hardlinks are dangerous in the
> > hands of the uncareful.
>
> c. the fact that directory hardlinks have been discontinued in 2.2.
>
> 2.1.6 did indeed still support it, since this was a new feature, hence
> it didn't go into the 2.1.x tree.
>
> They are not only dangerous in the hands of the uncareful, but they
> are dangerous at all. As i wrote earlier, fsck did _always_ complain
> about additional hardlinks, so it was always an error to even try it.
>
> > As I stated in my original posting (on Dec 18), my goal is to come up with
> > an optimum technique for allowing multiple groups controlled access to a
> > file tree.
>
> It's probably better to concentrate on a one group per user technique,
> and put all the other people who are allowed mutually into secondary
> groups. The ugly old limits for secondary groups have just been
> killed (but this won't be in 2.2 yet). The experience on freefall
> proves that this concept is workable, although there's still a tool
> missing where a user can invite and de-invite others into his group.
I assume you mean the 16 groups per user limit, eh? Do you mean that in
the new, post 2.2 code there's really _no_ limit to the number of
secondary groups that a user can belong to? (for example, suppose every
one of my thousands of users belongs to their own personal group. If I
make the user 'metauser' a member of each one of these groups then there'd
be no problem? ...except perhaps perfromance issues as you mention
below?)
Will this show up in 2.2.1 and/or 3.0? (Is it in -current now?) I need
to be rolling out a solution in the next few months, but with this user
membership limit going away in the near future it looks like I may want to
take a more evolutionary approach.
> Maybe i'm missing something here, but it seems to me that those
> secondary groups should do what you want. David Nugent also suggested
> to me in private mail that he is thinking of a .db file for the group
> list as well, so speed issues might also go away soon.
>
> > A recent *article in 'Sys Admin' deals with this problem. One of the two
> > techniques suggested relies on the use of directory hardlinks, which is
> > why I'm currently interested in the topic.
>
> Even in systems that support them, they were only allowed for root
> users anyway. In order to remove such an extraneous hardlink, you had
> to bypass any and all validation tests in the kernel (as it is
> e.g. done if a directory is not empty, but you try rmdir'ing it).
>
> Finally, we aren't the first disallowing directory hardlinks. I
> personally know Data General's DG/UX which used to disallow this
> misfeature at least since 1990, Linux doesn't allow this, and i think
> there were even more systems.
Sounds good to me. I never really liked the idea of hard linked
directories anyway. :-)
Thanks!
---
-------------------------------------------------------------------------
Charles Owens Email: owensc@enc.edu
"I read somewhere to learn is to
Information Technology Services remember... and I've learned that
Eastern Nazarene College we've all forgot..." - King's X
-------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.FBS.3.93.961226183435.24907A-100000>