It sure would be nice and it so happens that some people at Yale are
perhaps going to tinker with the protection system anyway.  Why don't we
make life a little more difficult for them :)

Where is this stuff specified. 

Coda could be the foundation for high performance network computers that
use their disk only as cache, and boot from a ramdisk to fire up Coda and
then mount coda on the root (more or less).   If the system gets hosed
"cfs flushcache" would discard the entire harddisk and future references
would download new copies from the server. New copies on servers would
always be immediately visible, but normally, things would run at local
disk speeds. 

Clearly in such situations good "super-user" capabilities could be very
useful.

- Peter -

On Wed, 10 Dec 1997, Alexander Kjeldaas wrote:

> 
> 
> On Tue, 9 Dec 1997, Peter J. Braam wrote:
> 
> > Hi Alexander,
> > 
> > Whoops, I think nobody is looking much at that list.  I suppose I should
> > subscribe myself.
> > 
> > We definitely have ACL's.  We have some extra attributes in our "cnodes"
> > which we currently don't exploit (I believe author and data version are
> > there).  We deal differently with atime, mtime, ctime than local
> > filesystems for efficiency. Due to replication of volumes we carry a lot
> > of stuff around that is used internally: so called version vectors count
> > the number of updates at each replication server, to keep replicas in
> > sync.
> > 
> > 
> > I don't know what "MAC" and information labels are.
> > 
> 
> They are 32-64 bit integers that indicates the sensitivity of the data.
> Information labels label the information. However they are not that
> important since nobody is currentlyimplementing them for linux. However,
> capabilities are important since they are already implemented (if not in
> the main kernel). Capabilities are 64-128 bit of information attached to
> executables saying what "super-user" privileges is is allowed to
> exercise. I think this can be implemented as an ACL with a special tag,
> but if you have some spare space you could think about reserving it for
> capabilities.
> 
> Capabilities is a method where the super-user privileges are divided into
> lots of different "capabilities" such as the capability that lets 
> a process set the time, the capability that lets a process bind
> to a reserved port etc. There are currently about 65 capabilities in the
> linux capabilities implementation.
> 
> It would be nice if CODA could support some of the extended attributes
> that NFS can't. 
> 
> astor
> 
> --
>  Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
>  http://www.guardian.no/
> 
>