Coda File System

Re: Permission strategie for root:wheel

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Mon, 8 Oct 2001 16:50:20 -0400
On Mon, Oct 08, 2001 at 07:09:47PM +0200, Matthias Teege wrote:
> I'm using coda on my FreeBSD network and want to put the sources
> (/usr/src) and the ports (/usr/ports) on the coda filesystem. In the
> original installation both directories are owned by root and group wheel.
> 
> What is the best permissions an user strategie for coda? I wan't
> (and can't) create an coda user "root" with uid 0. Should I create
> an "offiziell" admin with another uid that ownes the sources or
> can I change the permissions on the client side?
> 
> The main problem is that root must have read an write permissions on
> /usr/src and /usr/ports particulary if root install new programms.

Coda couldn't care less who is the user that owns the file, and the UNIX
permission bits only influense it mildly. Unix groups are not even
supported (i.e. group will always be 65534).

We actually deal with access permissions by checking the authentication
token that the user passed to venus with the ACL on the directories.

So you could have some Coda group (let's say System:Software), which
contains any users that are allowed to modify/add/delete/create files in
/usr/src and /usr/ports. Anybody else can still be allowed read and
lookup access,

cfs sa /coda/usr/ports System:Software rlidwka
cfs sa /coda/usr/ports System:AnyUser rl

ACL's are inherited when a new directory is created, so if the hierarchy
is already there use 'find' to fix up the acls in the tree

find /coda/usr/ports -type d -exec cfs sa {} System:Software all \;

(GNU find needs an additional '-noleaf' to avoid some optimizations that
don't work well on Coda which cause find to sometimes forget to traverse
directories).

Jan
Received on 2001-10-08 16:50:37