[EMAIL PROTECTED] said:
| So you want a sticky bit on the directory.  Not a bad idea - this is
| also quite desirable for email spool directories etc.  This is one of
| the main problems of the AFS/Coda security model.  Where it tries to
| diverge from Unix it runs into trouble in system directories like
| "mail", "/tmp" etc. where sticky bits are used.  But it is pretty easy
| to change Coda a little bit and perfectly acceptable, to accommodate
| this.

For the mail case, deliver mail to the user's home directory (or have a
special per-user `mail-volume' mounted).

For the /tmp case:

Have a `sticky' ACL flag to allow users to create and delete directories,
without inheriting ACLs from the parent directory.

Something like:
$ cfs la /coda/tmp
System:Administrators all
System:AnyUser idlS

$ mkdir /coda/tmp/jan_test
$ cfs la /coda/tmp/jan_test
jaharkes all

Now if anything is put in the directory, other people definitely cannot
remove the directory. Wasn't there also something with security problems
related to a hacker placing a symlink in the /tmp directory so that
programs creating temp files would either destroy, or remove some vital
information (like /etc/passwd)? And that most solutions against such an
attack actually first create a `secured' directory in /tmp, and put the
temporary files in there?

Jan
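
The `secured' directory approach mentioned at the end of the message, as an added example that is not part of the original mail and not Coda code: a POSIX C sketch that creates a private directory under /tmp and then refuses any file name that already exists, symlinks included. The function names, the file names and the /tmp/jan_test prefix are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkdtemp() picks an unpredictable name, creates it with mode 0700 and
 * fails instead of adopting an existing entry, so a planted symlink or
 * directory is never reused. Returns a directory descriptor or -1. */
int private_tmpdir(char *tmpl)
{
    if (mkdtemp(tmpl) == NULL)
        return -1;
    return open(tmpl, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
}

/* O_CREAT|O_EXCL fails with EEXIST if the name exists at all, symlinks
 * included, so the open never writes through a link to another file. */
int private_tmpfile(int dirfd, const char *name)
{
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed check. Returns 0 when the directory is 0700, a fresh file
 * is created, and a name occupied by a dangling symlink is refused
 * without its target ("victim") coming into existence. */
int selfcheck(void)
{
    char tmpl[] = "/tmp/jan_test.XXXXXX";  /* constructed name prefix */
    struct stat st;
    int ok = 0, dfd = private_tmpdir(tmpl);
    if (dfd < 0) return -1;
    int fd = private_tmpfile(dfd, "scratch");
    if (fd < 0 || fstat(dfd, &st) != 0 || (st.st_mode & 0777) != 0700) ok = -1;
    if (symlinkat("victim", dfd, "planted") != 0) ok = -1;
    if (private_tmpfile(dfd, "planted") != -1 || errno != EEXIST) ok = -1;
    if (faccessat(dfd, "victim", F_OK, 0) == 0) ok = -1;
    unlinkat(dfd, "planted", 0);   /* clean up everything we created */
    unlinkat(dfd, "scratch", 0);
    if (fd >= 0) close(fd);
    close(dfd);
    rmdir(tmpl);
    return ok;
}

int main(void) { puts(selfcheck() == 0 ? "ok" : "failed"); return 0; }
```

Working through the directory descriptor with openat() keeps later operations tied to the directory that was actually created, even if the path name is changed afterwards.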

