[379] in Info-AFS_Redistribution

home help back first fref pref prev next nref lref last post

Re: AFS & UFS protection

daemon@ATHENA.MIT.EDU (Marc Pawliger)
Thu Nov 7 15:56:35 1991

From: marc@ibmpa.awdpa.ibm.com (Marc Pawliger)
To: info-afs@transarc.com
Date: Thu, 7 Nov 91 10:11:29 PST

Unfortunately the scheme proposed by Ed won't work.  Most newsreaders like
rn, rrn and xrn save a new .newsrc by saving .newsrc.new and then renaming
it to .newsrc so the action is 'atomic' with a backup file of the old
.newsrc until the new one is completely written.  With the symlink scheme
this fails since renaming a real file to a link's name will replace the
link with the real file, leaving _two_ copies of the file - the 'private'
one and the 'public' one.

In general since AFS ACL's are at directory granularity instead of file you
will always have this problem.

The only solution I can think of is to chmod 600 .newsrc and make sure whatever
newsreader they use preserves the mode bits on the new file.  This may involve
wrapping the newsreader in a script that sets the umask and exec's the reader.

--marc
+  Marc Pawliger    IBM Advanced Workstations Division    Palo Alto, CA   +
|   Internet  marc@ibminet.awdpa.ibm.com        UUCP  uunet!ibminet!marc  |
|    IBMinet  marc@ibmpa.awdpa.ibm.com         phone  (415) 855-3493      |
+       VNET  MARCP at AUSTIN              IBM phone  T/L 465-3493        +

home help back first fref pref prev next nref lref last post