On Apr 19, 2004, at 22:15, Jeff Dike wrote:
> paul@... said:
>> Umm, is that actually valid? For example, a normal user cannot read a
>> file with "000" permissions, however root can. However, if the
>> permissions are stored on the file, then a "000" file cannot even be
>> read by root.
>
> Ummm, good point. That needs fixing, as well as the fact that hard
> links aren't supported correctly.
Hard links are a hard problem... pun intended ;-) So long as we can
assume that only UML modifies the humfs
>> Surely it also makes sense if it is stored in a database? I am not
>> sure how else this information can be stored otherwise?
>
> Are you talking about extending the normal unix permissions through
> humfs, or supporting this stuff on filesystems that have it?
Unfortunately, as for permissions above, I don't think that we can
store this stuff on the filesystem, even if the underlying filesystem
does support it. Since all file accesses are done as the user running
UML, you certainly cannot store any capability that the user does not
have, which means, for example, that we cannot give the modprobe
utility the "load module" capability. On some hardened systems this
program is the only thing that can load a module, and then root is the
only user that is allowed to run that program. Personally I think that
then ACLs become analogous to the above situation for permissions, and
they might as well be treated in the same way for simplicity's sake.
Note, that since not all FS's are required to support ACL/capabilities,
they do not need to be in the first cut, so long as the metadata format
allows for their existence then it can be added later on, indeed it
sounds like a nice small chunk of work that I would even do for you :-)
Hope this helps some,
Paul
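
The "000" permissions argument from this thread, as an added example (not part of the original message and not humfs code): a small model comparing mode bits kept on the host file with mode bits kept in separate metadata. The struct, function names, and uids are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define WANT_R 4
#define WANT_W 2
#define WANT_X 1

/* Hypothetical per-file record; NOT the real humfs metadata format. */
struct file_perm { uid_t uid; gid_t gid; mode_t mode; };

/* Classic owner/group/other check. uid 0 bypasses the read and write bits
 * and may execute if any execute bit is set. */
static bool unix_access(const struct file_perm *p, uid_t uid, gid_t gid, int want)
{
    if (uid == 0)
        return !(want & WANT_X) || (p->mode & 0111);
    mode_t bits = (uid == p->uid) ? (p->mode >> 6)
                : (gid == p->gid) ? (p->mode >> 3) : p->mode;
    return ((int)(bits & 7) & want) == want;
}

/* Model A: guest mode bits are written onto the host file. Every host access
 * is made as the unprivileged host user running UML, so the guest uid is
 * irrelevant to the host kernel's decision. */
static bool host_stored_access(const struct file_perm *host_file, uid_t host_uid,
                               gid_t host_gid, uid_t guest_uid, int want)
{
    (void)guest_uid;
    return unix_access(host_file, host_uid, host_gid, want);
}

/* Model B: the host file stays accessible to the host user; the guest kernel
 * enforces bits read from separate metadata, so guest root keeps its override. */
static bool metadata_stored_access(const struct file_perm *meta, uid_t guest_uid,
                                   gid_t guest_gid, int want)
{
    return unix_access(meta, guest_uid, guest_gid, want);
}

int main(void)
{
    struct file_perm on_host = { 1000, 1000, 0000 }; /* constructed: host user 1000 */
    struct file_perm in_meta = { 500, 500, 0000 };   /* constructed: guest owner 500 */
    printf("A: guest root reads 000 file: %d\n",
           host_stored_access(&on_host, 1000, 1000, 0, WANT_R));
    printf("B: guest root reads 000 file: %d\n",
           metadata_stored_access(&in_meta, 0, 0, WANT_R));
    printf("B: guest uid 500 reads 000 file: %d\n",
           metadata_stored_access(&in_meta, 500, 500, WANT_R));
    return 0;
}
```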