[381] in Info-AFS_Redistribution


Re: AFS & UFS protection

daemon@ATHENA.MIT.EDU (Bob_Sidebotham@transarc.com)
Thu Nov 7 17:26:24 1991

Date: Thu,  7 Nov 1991 15:37:29 -0500 (GMT)
From: Bob_Sidebotham@transarc.com
To: Info-AFS@transarc.com, marc@ibmpa.awdpa.ibm.com (Marc Pawliger)
In-Reply-To: <9111071811.AA15762@amazon.awdpa.ibm.com>

Excerpts from internet.info-afs: 7-Nov-91 Re: AFS & UFS protection Marc
Pawliger@ibmpa.awdp (1125)

> Unfortunately the scheme proposed by Ed won't work.  Most newsreaders
> like rn, rrn and xrn save a new .newsrc by saving .newsrc.new and then
> renaming it to .newsrc so the action is 'atomic' with a backup file of
> the old .newsrc until the new one is completely written.  With the
> symlink scheme this fails since renaming a real file to a link's name
> will replace the link with the real file, leaving _two_ copies of the
> file - the 'private' one and the 'public' one.

> In general since AFS ACL's are at directory granularity instead of file
> you will always have this problem.

Actually, it's independent of whether or not AFS supports ACL's on a
per-directory basis, since the problem cited is a problem in the context
of access lists: if you go to the trouble of creating an access list on
a file, and the application deletes your file, then guess what: the
file's access list disappears, too, unless the application knows about
access lists.

I'm not advocating that applications know about access lists; the
situation with mode bits is bad enough--I don't trust all the
application writers in the world to come up with a uniform set of
conventions for applying ACL's correctly.

In the DCE world, there is a concept of a default access list for a
file, which is what the file gets when it is created. This isn't,
however, good enough if the default access list and the access list you
happen to need for a particular file are different.

Perhaps access lists shouldn't be associated with files at all, but with
file names. Then I could say that .newsrc gets a particular access list
even if I don't have a .newsrc file. This probably wouldn't fly; a more
pragmatic proposal might be to assign the initial access list default
based on a pattern match against the file name (and maybe the mode
bits). So you might elect, for example, that all files beginning with
"." by default get private access.

Bob Sidebotham
Transarc Corporation
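
The rename-over-symlink failure described in the quoted text, next to a link-aware save, as an added example that is not part of the original message. The directory names `home` and `private`, the file contents, and both save functions are constructed for illustration; the link-aware variant creates the new file inside the protected directory, so under per-directory ACLs it stays covered by that directory's access list.

```python
import os
import tempfile


def make_layout(root):
    """Constructed layout: home/.newsrc is a symlink into a protected private/ dir."""
    home = os.path.join(root, "home")
    private = os.path.join(root, "private")
    for d in (home, private):
        os.mkdir(d)
    target = os.path.join(private, ".newsrc")
    with open(target, "w") as f:
        f.write("old\n")
    link = os.path.join(home, ".newsrc")
    os.symlink(target, link)
    return link, target


def naive_save(path, data):
    """Save as the quoted message describes: write path.new, then rename over path."""
    tmp = path + ".new"
    with open(tmp, "w") as f:
        f.write(data)
    os.rename(tmp, path)  # replaces the symlink itself, not the file it points to


def link_aware_save(path, data):
    """Resolve the link first so the atomic rename happens beside the real file."""
    real = os.path.realpath(path)
    tmp = real + ".new"
    with open(tmp, "w") as f:
        f.write(data)
    os.rename(tmp, real)  # the symlink at `path` is left in place


def run(save):
    """Return (path still a symlink?, content read via path, content of private copy)."""
    with tempfile.TemporaryDirectory() as root:
        link, target = make_layout(root)
        save(link, "new\n")
        with open(link) as f:
            via_link = f.read()
        with open(target) as f:
            in_private = f.read()
        return os.path.islink(link), via_link, in_private


if __name__ == "__main__":
    print("naive:     ", run(naive_save))
    print("link-aware:", run(link_aware_save))
```

After the naive save the public path is a regular file holding the new data while the private copy is stale; after the link-aware save the link survives and both paths read the same data.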
