#237 Change File System access model for single user file systems

closed-rejected
msys (22)
2005-07-03
2005-06-18
No

Some of the file systems that MSYS can access are
designed for use by only one user. The MSYS run time
currently maps access to such a file system to one that
allows everyone to have the same access as everyone
else. These patches change that mapping to one with
access restricted to a single user but with everyone's
access aliased to that user. This produces a more
consistent model of what actually is taking place when
such a file system is used. (Specifically, the old
scheme implied that there was an individual and group
identifier associated with each file or directory and
that by implication those identifiers could be changed.
The alternate scheme implies that you can not change
the identifiers.)

Note that there are three patches.

The sec_acl.cc patch is a technical correction to the
interpretation of access descriptor strings. There are
in fact four possible characters that can appear in the
third position of an access triplet string, not two.
Aside from the common 'x' and '-' values, there are
also 's' and 'S' values that have the same execute
attributes as 'x' and '-' respectively, but also
indicate that the corresponding 'sticky bit' is set.
The change allows for the alternate 'x' coding. The
'sticky bit' encoding is ignored because implementing it
would require changes to the calling routines as well
as changes to this routine.

The fhandler.cc patch implements the modified scheme
for files. It removes apparent 'group' and 'other'
access to files. In fact this does not change the
actual access semantics since the UID of everything on
a single user file system is implicitly the current UID.
A secondary correction in this file corrects the
calculation of the total amount of space available on
a volume which might be larger than 4GB.

The syscalls.cc patch implements the modified scheme
for directories. It also removes 'group' and 'other'
access, but indicates that 'group' and 'user' ids will
not be set 'properly' on and can not be changed for any
files in those directories.

...

Sorry - system trouble. I'll have to shut down and add
the actual patches and change log entry later...

Discussion

  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    2005.06.18 Max Woodbury <mtew@users.sf.net>

    * fhandler.cc - change file access model, fix size
    calc if > 4GB.
    * sec_acl.cc - adds 's' as an alternate to 'x' in
    access strings.
    * syscalls.cc - change directory access model.
    - Note: the access semantics have not changed.

     
  • Max TenEyck Woodbury

    Change single user file system file access model.

     
    Attachments
  • Max TenEyck Woodbury

    Add 's' as an alternate to 'x' in access string decoding.

     
    Attachments
  • Max TenEyck Woodbury

    Change single user file system directory access model

     
    Attachments
  • Earnie Boyd

    Earnie Boyd - 2005-06-18

    Logged In: YES
    user_id=15438

    You need to study on a proper ChangeLog entry. You're close
    but the syntax is wrong enough to be obvious. I'll try to
    find the reference document; but you should be able to look
    at the existing ChangeLog and spot obvious differences.

     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    2005.06.18 Max Woodbury <mtew@users.sf.net>

    * fhandler.cc(fhandler_disk_file::fstat) - change
    file access model
    * fhandler.cc(fhandler_disk_file::fstat) - fix size
    calc if > 4GB.
    * sec_acl.cc(permfromstr) - adds 's' as an
    alternate to 'x' in
    access strings.
    * syscalls.cc(stat_worker) - change directory access
    model.
    Note: the access semantics have not changed.

     
  • Earnie Boyd

    Earnie Boyd - 2005-07-02

    Logged In: YES
    user_id=15438

    Your fhandler.cc changes are not correct w.r.t. st->mode.
    Since group and others can read the files it is most
    definitely correct to display the bits so they do.

    Earnie

     
  • Earnie Boyd

    Earnie Boyd - 2005-07-02
    • milestone: --> 506892
    • status: open --> pending
     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    It's your call of course, but on a FAT file system on a W9x
    or ME system there is no 'group' or 'others', only the
    'owner' so what is set for the group and other permissions
    really makes no difference. Saying that 'group' and
    'others' have no access makes the security test in 'ssh'
    passable where it would not otherwise be. On NT where there
    are other 'group's and 'other's, this patch should have no
    effect.
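
An added example (not part of the ticket or of the MSYS patches) covering the two points discussed above: decoding an access triplet whose third character may be 'x', '-', 's' or 'S', and how the reported mode decides an owner-only permission check. The function names, the -1 sentinel and the form of the check (no group or other bit set) are assumptions; the thread does not show the test ssh applies.

```cpp
#include <cstdio>
#include <cstring>

// Sentinel for a malformed string (hypothetical value, outside 0..0777).
static const int PERM_INVALID = -1;

// Decode one access triplet such as "rwx", "r-s" or "rwS" into three bits
// (4 = read, 2 = write, 1 = execute). In the third position 's' carries the
// same execute attribute as 'x' and 'S' the same as '-'. The extra meaning of
// 's'/'S' is ignored, as the ticket says the sec_acl.cc patch does.
int triplet_bits(const char *t) {
    if (t == nullptr || std::strlen(t) < 3) return PERM_INVALID;
    int bits = 0;
    if (t[0] == 'r') bits |= 4; else if (t[0] != '-') return PERM_INVALID;
    if (t[1] == 'w') bits |= 2; else if (t[1] != '-') return PERM_INVALID;
    switch (t[2]) {
        case 'x': case 's': bits |= 1; break;  // execute granted
        case '-': case 'S': break;             // execute not granted
        default: return PERM_INVALID;          // anything else is rejected
    }
    return bits;
}

// Decode a nine-character user/group/other string into permission bits.
int mode_from_string(const char *s) {
    if (s == nullptr || std::strlen(s) != 9) return PERM_INVALID;
    int mode = 0;
    for (int i = 0; i < 3; ++i) {
        int b = triplet_bits(s + 3 * i);
        if (b == PERM_INVALID) return PERM_INVALID;
        mode = (mode << 3) | b;
    }
    return mode;
}

// Mapping proposed in the ticket: keep the owner bits, report no group/other.
int single_user_mode(int mode) { return mode & 0700; }

// Owner-only check, modelled here as "no group or other bit set" (assumption).
bool owner_only(int mode) { return (mode & 0077) == 0; }

int main() {
    int old_mode = mode_from_string("rw-r--r--");  // constructed sample input
    int new_mode = single_user_mode(old_mode);
    std::printf("old %04o owner_only=%d\n", old_mode, owner_only(old_mode));
    std::printf("new %04o owner_only=%d\n", new_mode, owner_only(new_mode));
    return 0;
}
```
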

     
  • Max TenEyck Woodbury

    • status: pending --> open
     
  • Max TenEyck Woodbury

    • status: open --> pending
     
  • Earnie Boyd

    Earnie Boyd - 2005-07-02

    Logged In: YES
    user_id=15438

    So we need to deal with the ssh problem in ssh and not break
    MSYS. MSYS is doing TRT (the right thing) w.r.t. st->mode
    display.

    What if MSYS hashed its own mode table and the chmod
    function would store and delete from the table. Only the
    exceptions to the general rule would be stored. This would
    only happen for FAT and not NTFS. We could even use the
    registry to store the changed modes or we could store it in
    a hidden file in the /etc directory.

     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    If you are going to extend FAT to include 'other' and
    'group' file attributes there is already a *NIX fs variant
    that does exactly that. A MSYS implementation should
    probably be modeled on it and might be able to reuse much of
    its code. (Sorry, the name slips my mind at the moment.
    It's one of the options in the Linux Kernel MS-DOS file
    system configuration selections.)

    On st->mode: If you want it to reflect what is really
    happening, you should note that 'group' and 'other' really
    have write access as well. It really is all or nothing with
    9x and ME. Of course it is debatable as to the brokenness
    of ssh and it is under other people's control, not ours
    (unless we want to do a MSys/MinGW special version with all
    the security tracking that implies) while we have control of
    MSys.

    Then there is the sticky bit piece. It may still be needed.

     
  • Max TenEyck Woodbury

    • status: pending --> open
     
  • Earnie Boyd

    Earnie Boyd - 2005-07-03
    • status: open --> closed-rejected
     
  • Earnie Boyd

    Earnie Boyd - 2005-07-03

    Logged In: YES
    user_id=15438

    I'm familiar with that file. DJ added it to Cygwin years ago.
    I don't like the file as it doesn't clean up and gets
    extremely large. We would need our own file to keep it small.

    The st->mode point; I agree that we should correct the
    broken stat information. It really isn't correct. I won't
    accept patches for that until after I release 1.0.11 because
    we may break other packages that read the stat info.

    I'm not sure the sticky bit matters unless we add our own
    mode table.

    Can you submit a new patch for this portion
    * syscalls.cc (statfs): Allow for bigger disks.

    We can address the st->mode issue later.

    Earnie

     
  • Earnie Boyd

    Earnie Boyd - 2005-07-03
    • milestone: 506892 --> Incorrect_Axiomatic_Semantics
     
