[75] in Info-AFS_Redistribution
Re: A question on protection semantics.
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Tue Feb 12 12:17:50 1991
Date: Tue, 12 Feb 91 11:26:14 -0500
From: Carol Kamm <cak@ifs.umich.edu>
To: Tony_Mauro@transarc.com
Cc: Info-AFS@transarc.com, Christer Bernerus <bernerus@cs.chalmers.se>,
In-Reply-To: Your message of Tue, 12 Feb 91 08:08:15 -0500.
> System Adminisitrator's guide. On page 2-2, the last bulleted item
> in section 2.1.1.1 says:
>
> You cannot make an AFS file "write only" as is possible by turning
on only
> the w mode bit on a UNIX file. To exercise the ACL WRITE right, the
possessor
> must also have the LOOKUP and READ rights.
>
> The second bullet in that section points you to section 19.10 for
> a discussion of how AFS ACL rights interact with mode bits. Section
> 19.10 explains that the "r" owner bit must be on in order for
> anyone to exercise the ACL READ right. Combining the two facts
leads
> to the conclusion that in order to write an AFS file, the owner "r"
> mode bit must be on and the READ right must be granted on the ACL.
Our work here on the IFS Project on intermediate servers
indicates that, although this is what the documentation says, it
does not accurately reflect what the software does. For example:
Let's make a file:
% date > aa
% cat aa
Tue Feb 12 10:59:25 EST 1991
% ls -l aa
-rw-r--r-- 1 ric 29 Feb 12 10:59 aa
Now, let's make it UNIX write-only:
% chmod 222 aa
% ls -l aa
--w--w--w- 1 ric 29 Feb 12 10:59 aa
% cat aa
aa: Permission denied
And now, let's write to it:
% date >> aa
% cat aa
aa: Permission denied
So, you can write to but you can't read from a write-only file.
That makes sense. Oh, Is the right data there? Yep.
% chmod 666 aa
% cat aa
Tue Feb 12 10:59:25 EST 1991
Tue Feb 12 10:59:50 EST 1991
(BTW, I've got full (wildkar) rights in this dir.)
The above behaviour is what we are trying to duplicate in the IFS
intermediate.
Note that, although the documentation indicates that the 'r' bit
must be set in order to write a file, this is not true.
Carol Kamm
Technical Coordinator
IFS Project, University of Michigan
