From: Werner Baumann <werner.baumann@on...> - 2005-06-21 09:42:40
"The patch ignore the --mode option. The testing branch resolve this?"
At the moment davfs2 does not honour the mode option. This is partly due
to my security patch.
To fix the security issues quickly davfs2 will:
- fix ownership of all files to the mounting user
- not allow to change ownership
- fix mode to 600 for files, 700 for directories
- not allow to change mode
But at least davfs2 will now return an error code to coda if someone
tries to change mode or ownership, so the user will be informed.
But even without the security patch davfs2 does not change something
like mode on the WebDAV-server, and I am not shure whether we should.
Because davfs2 does not differentiate different WebDAV-users (or
principals) but instead everthing is done on the WebDAV-server on
behalve of the one and only WebDAV user who started the connection. I
think this o.k., but we should write some paper clarifying the intended
use of davfs2 compared to distributed file systems like nfs, coda, cifs
or the Andrew file system.
I think that for most uses of davfs2 (the ones you mention in the man
page) the security patch will not be a real restriction, so it is
desireable to have davfs2 in Debian.
What to do next? I have got some ideas about this:
- writing a paper about what davfs2 is for (and whot it is not for)
- adding a directory cache to speed up
- adding working unix rights with permission check
- make davfs work with different kernel version without recompiling
I hav started with the cache. But I see that having a stable Debian
package might be more important, even with the restrictions I mentioned.
So I will lay aside the cache and instead will try to work out a
solution to select the coda interface at run time.
I would ask you to test the dafvs2-0-2-3-testing version (and ask your
friends to do the same):
Why is davfs2-0-2-3-testing better?
- it allows user mount controlled by fstab (in the old version I had to
disable user mount because it was not controlled by fstab and would have
been a security risk)
- when the file system is unmounted (with umount) the
mount.davfs2-daemon will die gracefully too (and remove the pid-file)
- it takes creditentials from a secrets file (also testing this for