On Thu, Jan 31, 2008 at 06:05:51PM -0500, Simon Wilkinson wrote:
> On 31 Jan 2008, at 22:48, Jan Harkes wrote:
>> On Thu, Jan 31, 2008 at 04:26:08PM -0500, Davor Ocelic wrote:
>>> In AFS, there is a special provision made for interoperability with
>>> Unix - person to which a file is chowned has implicit 'all' rights
>>> on the file. Does this work that way in Coda too?
>
> It doesn't work that way in AFS - AFS does have some implicit rights,  
> but if you don't have a read ACL for a directory, you can't access files 
> in it, regardless of their ownership.

Same as Coda (same roots).

>> I wonder how they can do something like that reliably in a cross realm
>> context.
>
> Files that get written to a volume in a cell are owned by the user's ID 
> in that cell's protection service database, not by the local UID on the 
> machine which wrote them.

Ok, so up to this point it is identical. The difference is that Coda
doesn't give any special rights just because a file happens to have some
particular user ID.

You simply cannot use chown correctly, because the chown application
maps the username based on the local /etc/passwd to get a numeric id
which it then uses in the chown systemcall.

So either we'd simply override any chown and just the object's owner to
the cell's protection database idea of the person who called chown, or
it is set to the local user id as the user (administrator) requested,
but that local user id isn't relevant in the context of the protection
database. Or there is some other interesting mapping which maps the
local userid back to a name and then tries to correlate that to an
identity in the protection database on the server.

In none of these cases would I expect a reliable enough result that I
would elevate access priviledges. Especially because we already have
ACLs to hand out such rights in a much more explict and unambiuous way.

Jan