Re: [netatalk-admins] netatalk's handling of file permissions is stupid...


Subject: Re: [netatalk-admins] netatalk's handling of file permissions is stupid...
From: Jeff Wiegley (jeff@w3-design.com)
Date: Thu Nov 06 1997 - 20:09:29 EST


Andrew McNabb wrote:
>
> I thought that you could modify permissions from File:Sharing on the mac.
>
> ---------------------------
> -- Andrew McNabb --
> -- amcnabb@uiuc.edu --
> ---------------------------

I know very little about Macs but I *highly* doubt you can change the
suid/guid bits of a directory. (And I'm right, since I checked.)

And I certainly don't want to force my users to have to change
permissions all the time on something that should be done automagically
for them in shared directories.

I'm currently working on modifying the source code directly to create
directories (in etc/afpd/directory.c) to create them with a mode of
06777. But it's not going well at all. The initial mkdir() call does the
job correctly but something later which I can't find resets the
permission bits. grrr....

On further inspection this is why netatalk's file permissions suck...

Macs can't specify/change any of the following permission bits:

#define S_ISUID 0004000 /* set user id bit */
#define S_ISGID 0002000 /* set group id bit */
#define S_ISVTX 0001000 /* sticky bit */
#define S_IXUSR 0000100 /* owner executable bit */
#define S_IXGRP 0000010 /* group executable bit */
#define S_IXOTH 0000001 /* other executable bit */

The proper thing that netatalk *should* be doing is setting the bits
that a Mac filesystem *can* specify and allow the remaining,
unspecifiable bits (as described above) to be inherited from the parent
directory and user's umask.

But alas this isn't the way it's done and as a result I have to either
1) tell people to set *world* read/write permissions on everything they
   create. Group is not sufficient because by default files don't
   inherit the group of the parent directory because netatalk dropped
   the sgid bit when it was created and users can't bring it back. Or
   they can go around changing the group on everything they create of
   course, but either way it's a waste of the employees' time and
   patience.
2) sit here all day long doing nothing but periodically turning sgid
   bits on for the directories they create. Or,
3) run a cron job every few minutes to go through nearly 12 gigabytes of
   filesystem to automatically do 2) for me. Good thing we have a hyper
   fast server.
 
I can't believe the other users of netatalk have put up with this broken
behavior without fixing it.

I'm trying my damn hardest to implement a fix to provide the inheritance
of the nonspecifiable bits but I know nothing about the AFP protocol and
even less about the layout and workings of netatalk since it has such
sparse code documentation.

- Jeff



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:28:00 EST