[695] in Info-AFS_Redistribution
Fwd:
daemon@ATHENA.MIT.EDU (Joseph_Jackson@transarc.com)
Wed Apr 1 12:53:04 1992
Date: Wed, 1 Apr 1992 10:59:41 -0500 (EST)
From: Joseph_Jackson@transarc.com
To: Info-AFS@transarc.com
The following message didn't make it to many info-afs subscribers due
to mail problems here at Transarc. I'm forwarding it to the entire
list.
Joe Jackson,
AFS Product Support,
Transarc Corp.
---------- Forwarded message begins here ----------
Date: Tue, 31 Mar 1992 11:40:51 -0500 (EST)
From: Daniel Edward Lovinger <dl2n+@andrew.cmu.edu>
To: info-afs@transarc.com
Subject: Re: <setuid in AFS 3.x>
In-Reply-To: <128713.9203301602@uk.ac.bcc.ts>
References: <128713.9203301602@uk.ac.bcc.ts>
Mike Gahan <ccaamrg@ucl.ac.uk> writes:
> He has a file which others may append to, but not overwrite. As there is no concept
> of 'append only' permission in Unix, he restricts write access to
> himself, then supplies
> a setuid program which setuids to himself to append to the file. The
> program is secure, as
> only he has write access to it. Thus his object is achieved.
>
> How can I do this with AFS ?
Depending on actual, as opposed to perceived requirements, an
insertable directory (permissions rli) may be sufficient. This allows
random users to create new files in the directory, but does not allow
modification.
If you really need setuid operation, take a snapshot of
/afs/andrew.cmu.edu/usr0/games/src/template
which is a library containing what amount to setuid operations for AFS
3. This is the library we use for setuid games here at CMU. Read the
README ... feel free to ask questions.
dan