(Illustration by Gaich Muramatsu)
On Wed, Jan 24, 2001 at 06:12:32PM -0500, Stephan Koledin wrote:
> Sorry for all the questions today, but I ran into a strange situation
> that I can't quite figure out.
>
> Basically, I have a simple replicated volume for hosting information via
> anonymous ftp. The coda permissions are as follows for the whole mounted
> volume:
>
> [skoledin_at_monkeyboy ftp]$ cfs la /coda/pub/ftp
> System:Administrators rlidwka
> System:AnyUser rl
...
> [skoledin_at_monkeyboy ftp]$ chmod -R a-r bin

The unix permissions are sometimes used correctly, but sometimes ignored. In this case, the missing 'r' bit blocks the client from even fetching the object. Also, ACLs sometimes seem to work counter-intuitively. What you are trying to achieve is to have 'r'ead permission without 'l'ookup permission, which doesn't work either.

Maybe we should initially ignore the unix permissions completely as far as Venus is concerned, and permit/deny object access purely on the directory ACL. The kernel and VFS should probably handle the access based on the unix mode-bits. In a way it gets pretty hard to get it all correct, because we would need to have a per-user view on filesystem contents, so that the unix modebits can be different for each user depending on which ACLs are in effect.

> Has anyone run into this particular situation before? I think I remember
> Jan saying that ftp://coda.cs.cmu.edu is hosted off a coda volume, and
> the permissions there seem to be proper (bin/* not viewable via ls), so
> I guess I must be doing something wrong, I just can't figure out what.

www.coda is served out of Coda. ftp.coda was done similarly only for a while, but isn't right now. And yes the /bin directory was visible.

Jan

Received on 2001-01-24 18:37:08