Re: [OpenAFS] Question about append-only directories and ownership of files
Derrick J Brashear wrote:
> On Tue, 22 Mar 2005, Bob Cook wrote:
>> On Monday, March 21, 2005, Todd Lewis wrote:
>>> Not quite. The owner of a directory has implied administrator rights in that directory.
>>
>> [...] although Todd is right about the behavior, Derrick Brashear acknowledged at last year's Best Practices workshop that the behavior is a bug. The intent was that the owner of the top directory in a volume have implicit admin rights in the volume, but not that the owner of each directory have such rights in their directories. (Derrick: Any guess as to when this will be fixed? It looks like people are getting used to it, which I would claim is a not-good thing!)
>
> IIRC it's been fixed in 1.3 for months.

Great! However, people use the list archives as canonical information (probably because patching docs just isn't as interesting as patching code; go figure).

In https://lists.openafs.org/pipermail/openafs-info/2001-July/001623.html, Jeffrey Hutzelman gave a nugget of cleanly distilled information that clearly deserves to be updated on the list and put into the wiki. He said:

> FWIW, there are three cases where someone gets implicit 'a' rights:
> - the owner of a directory gets implicit 'a' rights on that directory
> - the owner of a volume (same as the owner of its root directory) gets implicit 'a' rights on every directory in that volume.
> - members of system:administrators get implicit 'a' rights on every directory in every volume

In light of the fixes in 1.3, would somebody be willing to amend this information so that (1) the list has the corrected/updated info somewhere in its archive and (2) we've got something concise to put into the wiki? Free karma boost for any takers... :-)

Q. Where is this enforced? Specifically, what's different about implicit 'a' rights if somebody is running a 1.2 server with a 1.3 client? How about a 1.3 server and a 1.2 client? Mixed servers? Other relevant factors?
--
[EMAIL PROTECTED] 919-962-5273 http://www.unc.edu/~utoddl
If you don't pay your exorcist you get repossessed.

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Question about append-only directories and ownership of files
On Wednesday, March 23, 2005 08:26:54 AM -0500 Todd M. Lewis [EMAIL PROTECTED] wrote:

> Q. Where is this enforced? Specifically, what's different about implicit 'a' rights if somebody is running a 1.2 server with a 1.3 client? How about a 1.3 server and a 1.2 client? Mixed servers? Other relevant factors?

The set of rights you have on any given file or directory is always computed by the fileserver. So, it doesn't matter what client you're running.

-- Jeff

RE: [OpenAFS] Question about append-only directories and ownership of files
You're right of course about the directory ownership.

Kim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd M. Lewis
Sent: Monday, March 21, 2005 11:26 AM
To: openafs-info@openafs.org
Cc: 'Thomas M. Payerle'
Subject: Re: [OpenAFS] Question about append-only directories and ownership of files

Dexter 'Kim' Kimball wrote:
> In general AFS doesn't care about ownership/mode bits -- ignores them entirely on directories,

Not quite. The owner of a directory has implied administrator rights in that directory. That may be relevant here. Or not. Whatever.

--
[EMAIL PROTECTED] 919-962-5273 http://www.unc.edu/~utoddl
Bakers trade bread recipes on a knead to know basis.

Re: [OpenAFS] Question about append-only directories and ownership of files
On Monday, March 21, 2005, Todd Lewis wrote:
> Not quite. The owner of a directory has implied administrator rights in that directory.

On Tuesday March 22, 2005, Kim Kimball wrote:
> You're right of course about the directory ownership.

Although it's getting a bit far afield from the original topic, I'd just like to point out that, although Todd is right about the behavior, Derrick Brashear acknowledged at last year's Best Practices workshop that the behavior is a bug. The intent was that the owner of the top directory in a volume have implicit admin rights in the volume, but not that the owner of each directory have such rights in their directories. (Derrick: Any guess as to when this will be fixed? It looks like people are getting used to it, which I would claim is a not-good thing!)

Re: [OpenAFS] Question about append-only directories and ownership of files
On Tue, 22 Mar 2005, Bob Cook wrote:
> On Monday, March 21, 2005, Todd Lewis wrote:
>> Not quite. The owner of a directory has implied administrator rights in that directory.
>
> On Tuesday March 22, 2005, Kim Kimball wrote:
>> You're right of course about the directory ownership.
>
> Although it's getting a bit far afield from the original topic, I'd just like to point out that, although Todd is right about the behavior, Derrick Brashear acknowledged at last year's Best Practices workshop that the behavior is a bug. The intent was that the owner of the top directory in a volume have implicit admin rights in the volume, but not that the owner of each directory have such rights in their directories. (Derrick: Any guess as to when this will be fixed? It looks like people are getting used to it, which I would claim is a not-good thing!)

IIRC it's been fixed in 1.3 for months.

RE: [OpenAFS] Question about append-only directories and ownership of files
You don't mention the other half of the ACL. Who has wilk permissions?

In general AFS doesn't care about ownership/mode bits -- ignores them entirely on directories, but does apply the owner mode bits to all users, including the owner. (Doesn't seem relevant here but sometimes good to know.)

Kim

Kim (Dexter) Kimball
CCRE, Inc.
kimdotkimballatjpl.nasa.gov
dhkatccre.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas M. Payerle
Sent: Friday, March 18, 2005 6:58 PM
To: openafs-info@openafs.org
Subject: [OpenAFS] Question about append-only directories and ownership of files

I have a cgi script on a web server writing into an AFS directory with ACL rights wilk; i.e. write permission set minus the r. The desired intent was to create a directory containing a file which the cgi script can append to, but would be unable to read from.

The above appeared to be working as I expected, until I started testing out a replacement web server machine (having a different hostname, thus the httpd.hostname principal is different). Even when the ACL list in the parent (and all ancestral) directories are the same for both instances, the wilk permission set does not appear to be sufficient for appending _UNLESS_ the principal also is the owner of the file (the old server owned the files, and so worked without problem). It is happy if it has the r permission added to the set, and does not even change the owner after appending. It also is happy if the owner of the file is changed and the r permission not added.

I have tested this out even with simple echo 'AAA' file type commands, so it does not appear to be an artifact of perl.

As AFS generally tends to be somewhat unconcerned about file ownership in most cases, this ownership dependency was unexpected. I searched some texts and the web on AFS ACL rights, and although only one explicitly mentioned append rights (http://www.engin.umich.edu/caen/technotes/afs.pdf) (stating that w permission is sufficient for that), the more common definition of w as allowing modification of file's content seems consistent with that.

Is this behavior expected? Am I missing something? Is there a way in AFS to have a file be append-only (possibly with creation if missing, but without being readable) that does not depend on the principal appending to the file owning the file?

Re: [OpenAFS] Question about append-only directories and ownership of files
Dexter 'Kim' Kimball wrote:
> In general AFS doesn't care about ownership/mode bits -- ignores them entirely on directories,

Not quite. The owner of a directory has implied administrator rights in that directory. That may be relevant here. Or not. Whatever.

--
[EMAIL PROTECTED] 919-962-5273 http://www.unc.edu/~utoddl
Bakers trade bread recipes on a knead to know basis.

Re: [OpenAFS] Question about append-only directories and ownership of files
On Friday, March 18, 2005 08:57:41 PM -0500 Thomas M. Payerle [EMAIL PROTECTED] wrote:

> Is this behavior expected? Am I missing something? Is there a way in AFS to have a file be append-only (possibly with creation if missing, but without being readable) that does not depend on the principal appending to the file owning the file?

No; there is no way for a file to be append-only. The operations exported by the fileserver are reading and writing parts of the file. The AFS client software generally reads, caches, and writes whole aligned cache chunks at once. So what you think of as appending really works out to fetching the last chunk of the file, modifying it, and writing it back, with the writing it back part normally happening only when the file is closed. So, to be able to append, the cache manager needs to be able to read the file.

So of course, now you're going to ask "why did it work before?". The answer is that when you have insert rights on a directory, the fileserver allows you to read files you own in that directory, even if you don't have r rights. You normally don't notice this, because the cache manager won't let you read a file you don't have r on, but this is a requirement for making dropbox directories work, and it also happens to be sufficient to make your append scenario work.

-- Jeffrey T. Hutzelman (N3NHS) [EMAIL PROTECTED]
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

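An added example, not part of the thread and not OpenAFS code: a small Python model of the fileserver-side checks described in the message above (an append needs read plus w; insert rights let you read files you own), together with the three implicit 'a' cases quoted elsewhere in the thread. The principal names, function names and the `dir_owner_implicit_a` flag are assumptions made for illustration.

```python
# Constructed model of the fileserver-side decisions described in this thread.
# Not OpenAFS code: function names, principals and the flag are hypothetical.
ADMIN_GROUP = "system:administrators"

def dir_rights(user, groups, acl, dir_owner, volume_owner, dir_owner_implicit_a=True):
    """ACL rights for user on a directory, plus implicit 'a'.

    dir_owner_implicit_a=True models the behaviour the thread calls a bug
    (every directory owner gets 'a'); False models the stated intent, where
    only the volume owner and system:administrators get it.
    """
    rights = set()
    for principal in [user, *groups]:
        rights |= set(acl.get(principal, ""))
    if (user == volume_owner or ADMIN_GROUP in groups
            or (dir_owner_implicit_a and user == dir_owner)):
        rights.add("a")
    return rights

def can_fetch(user, rights, file_owner):
    # 'r' on the directory, or the dropbox rule: 'i' plus ownership of the file.
    return "r" in rights or ("i" in rights and user == file_owner)

def can_append(user, rights, file_owner):
    # An append is fetch-last-chunk, modify, store back: it needs read and 'w'.
    return "w" in rights and can_fetch(user, rights, file_owner)

def scenario():
    """The two web servers from the original post (principal names constructed)."""
    acl = {"httpd.oldhost": "wilk", "httpd.newhost": "wilk"}
    out = {}
    for user in acl:
        r = dir_rights(user, [], acl, dir_owner="webadmin", volume_owner="webadmin")
        out[user] = can_append(user, r, file_owner="httpd.oldhost")
    # Either workaround reported in the post makes the new host succeed.
    acl_r = {**acl, "httpd.newhost": "rwilk"}
    r = dir_rights("httpd.newhost", [], acl_r, "webadmin", "webadmin")
    out["newhost+r"] = can_append("httpd.newhost", r, "httpd.oldhost")
    r = dir_rights("httpd.newhost", [], acl, "webadmin", "webadmin")
    out["newhost owns file"] = can_append("httpd.newhost", r, "httpd.newhost")
    return out

if __name__ == "__main__":
    print(scenario())
```

The model covers only the fileserver decision; the cache manager's own refusal to hand data to a user without r is a separate client-side check and is not represented.
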
[OpenAFS] Question about append-only directories and ownership of files
I have a cgi script on a web server writing into an AFS directory with ACL rights wilk; i.e. write permission set minus the r. The desired intent was to create a directory containing a file which the cgi script can append to, but would be unable to read from.

The above appeared to be working as I expected, until I started testing out a replacement web server machine (having a different hostname, thus the httpd.hostname principal is different). Even when the ACL list in the parent (and all ancestral) directories are the same for both instances, the wilk permission set does not appear to be sufficient for appending _UNLESS_ the principal also is the owner of the file (the old server owned the files, and so worked without problem). It is happy if it has the r permission added to the set, and does not even change the owner after appending. It also is happy if the owner of the file is changed and the r permission not added.

I have tested this out even with simple echo 'AAA' file type commands, so it does not appear to be an artifact of perl.

As AFS generally tends to be somewhat unconcerned about file ownership in most cases, this ownership dependency was unexpected. I searched some texts and the web on AFS ACL rights, and although only one explicitly mentioned append rights (http://www.engin.umich.edu/caen/technotes/afs.pdf) (stating that w permission is sufficient for that), the more common definition of w as allowing modification of file's content seems consistent with that.

Is this behavior expected? Am I missing something? Is there a way in AFS to have a file be append-only (possibly with creation if missing, but without being readable) that does not depend on the principal appending to the file owning the file?