Subject: RE: [netatalk-admins] Newbie with a few questions..
From: Mark Donnelly (mark@coe.missouri.edu)
Date: Wed Feb 25 1998 - 18:10:18 EST
>> The ability to move/delete a file depends on the directory permissions:
>> You aren't altering the file itself, but the directory it is in. After
>> all, if it's your directory, you get a say as to what lives there and what
>> doesn't. It might take a bit of getting used to initially, but it all
>> starts to make sense if you think about it for a while. Think of it like
>> this - you aren't moving/deleting the file: you're removing/changing an
>> entry that points to that file from the directory.
>
>But it shouldn't be like that... if I have a home directory like this..
Well, what he's saying is that the system he described is just what UN*X does.
If you were to log in and try that using tcsh, bash, zsh, sh, etc., you would
have the same results.
If you're a programmer, think of this: You have some data that you can't touch.
The only way to access the data is through a system call. (Think of
filehandles... they're just integers, but the system deals with them.) Now, you
create an array of a structure that holds the reference to the data (say, the
filehandle), and an internal name for what that data is. You could change that
name all day long if you wanted to, without touching the data.
Now, if you understand that, substitute 'data' to be 'file', and substitute
'structure' to be 'inode'. The user owns the inodes (the directory structure),
and can change them at will -- they own the inodes -- but cannot touch the data
contained within the files.
Basically, the filename is not intrinsic to the data that is contained within.
The filename is part of the directory structure, which the user owns and can
change.
>
>Then nothing should let testuser alter that file EVEN if it is in the home
>dir...
>
The users cannot alter the file... they altered the inodes that reference the
file.
If you want to _absolutely_ make sure that the user's AppleVolumes are not
scanned, get the source and change one line:
volume.c, line 118 (do a search in it for "AppleVolume")
The line
} else if (( pwent = getpwnam( username )) != NULL ) {
Can become
} else if ( NULL ) {
Now, two caveats: 1. I'm based off the asun patches (just downloaded the
source from him), so this might be different in the base tree.
2. I didn't test this, I just looked. This LOOKS right, but you might have to
change a couple of things.
--Mark
"I think so Brain, but if they called them sad meals, then
no one would buy them."
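Added example (not part of the original mail or of netatalk): a short Python script that illustrates the point made above, that a filename is a directory entry pointing at an inode, so renaming, hard-linking and unlinking change the directory, not the file's data, and unlinking works even on a file the user cannot write. It assumes a POSIX filesystem that supports hard links; the file names and contents are constructed for the demonstration.

```python
"""Directory entries vs. file data, as described in the mail above."""
import os
import stat
import tempfile


def directory_entry_demo() -> dict:
    """Create a read-only file, then rename, hard-link and unlink it.

    Returns observations so the behaviour can be checked:
    - a rename keeps the same inode (the data did not move),
    - a hard link is simply a second name for the same inode,
    - removing one name of a read-only file still succeeds, because
      unlink only needs write permission on the directory, and the data
      stays reachable through the remaining name.
    """
    with tempfile.TemporaryDirectory() as d:   # constructed scratch dir
        path_a = os.path.join(d, "report.txt")
        with open(path_a, "w") as fh:
            fh.write("payroll data")           # constructed sample content
        # Make the file itself read-only (mode 0444): nobody may write it.
        os.chmod(path_a, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
        ino_before = os.stat(path_a).st_ino

        # Renaming edits the directory entry; the inode is untouched.
        path_b = os.path.join(d, "renamed.txt")
        os.rename(path_a, path_b)
        ino_after_rename = os.stat(path_b).st_ino

        # A hard link adds a second directory entry for the same inode.
        path_c = os.path.join(d, "alias.txt")
        os.link(path_b, path_c)
        nlink_with_alias = os.stat(path_c).st_nlink

        # Unlinking needs write permission on the directory, not the file.
        os.unlink(path_b)
        with open(path_c) as fh:
            data_via_alias = fh.read()
        return {
            "same_inode_after_rename": ino_before == ino_after_rename,
            "nlink_with_alias": nlink_with_alias,
            "unlink_readonly_file_ok": not os.path.exists(path_b),
            "data_via_alias": data_via_alias,
        }


if __name__ == "__main__":
    print(directory_entry_demo())
```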
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:31:14 EST