Re: [netatalk-admins] 1.4b2+MacOS8 patch (Trash DID & 0 gid/uid)


Subject: Re: [netatalk-admins] 1.4b2+MacOS8 patch (Trash DID & 0 gid/uid)
From: Bob Smith, Hammett & Edison, Inc. (bsmith@h-e.com)
Date: Fri Aug 07 1998 - 18:30:12 EDT


On Thu, Aug 6, 1998, 19:45:59 Tan Chee Weei wrote:

>On the second invocation of afp_openvol, the priming of the Trash folder
>causes a directory struct with DID set to whatever v_lastdid's value is which
>is now > 3. Is this what is intended or is it the intention that the Trash
>Folder's DID is always 3?

As far as I know, there is nothing magic about DID 3. I think the whole point
is to have the "Network Trash Folder" get a _persistent_ DID. Whatever DID it
is getting, the sequence of events in afpd is always the same so the DID is
always the same, and that's all that really matters.

>Another thing that doesn't seem to be addressed by afpd is how to handle
>requests to set a directory's uid/gid to 0. ... The trash folder is first
>created (if it doesn't exist) with gid=0, i.e. not owned by anyone. That is
>why its perms are set to rwx---rwx.

Aha, I always wondered about that odd permission setting! Maybe this explains
the whole problem - the same permissions initially appear on "Trash Can #n"
sub-folders, meaning that the Mac expects to always have write privilege to
all the sub-folders regardless of who they belong to. But on the other hand,
I'm sure I tried setting everything to 777, and that didn't fix the problem.
Hmm.

>Does afpd do any switching of gids to say root to perform any privilege work?
>This could be one thing it could do in such a case and then switch the
>effective gid back to the user's real gid. Not sure if this is possible or
>poses any security problems.

It is certainly possible, and it just as certainly creates a potential
security hole! It would have to be done _very_ carefully.

>Will next look into why the Network Trash Folder shows up as visible for
>other users other than the owner and then the problem with Trash Can #n for
>n > 2, after resolving the current issues.

Glad to see someone else trying to crack this little problem; I haven't had
any time lately to spend on it. But if you find a possible fix I'll be happy
to test it for you!

Bob Smith
Hammett & Edison, Inc.
bsmith@h-e.com
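
An added example, not part of the original message and not netatalk code: one way the "switch the effective gid and switch it back" idea discussed above can be bracketed tightly. The helper name `chgrp_dir_bracketed` and the owner check are assumptions for illustration, as is the premise that the process holds `priv_gid` as its real or saved set-group-ID.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not an afpd function): set the group of one
 * directory to new_gid, holding effective gid priv_gid only around the
 * fchown() call. Assumes priv_gid is the process's real or saved
 * set-group-ID, so setegid(priv_gid) is permitted.
 * Returns 0 on success, -1 with errno set on failure. */
int chgrp_dir_bracketed(const char *path, gid_t priv_gid, gid_t new_gid)
{
    gid_t saved = getegid();
    struct stat st;
    int fd, rc, err;

    /* Resolve the path before elevating. O_NOFOLLOW/O_DIRECTORY reject
     * a symlink (as final component) or a non-directory, and working on
     * the descriptor avoids a swap between check and use. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    /* Only act on a directory the requesting user owns. */
    if (fstat(fd, &st) < 0 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    if (setegid(priv_gid) < 0) {
        err = errno;
        close(fd);
        errno = err;
        return -1;
    }
    rc = fchown(fd, (uid_t)-1, new_gid);   /* the one privileged call */
    err = errno;

    /* Drop back and verify; continuing with the elevated gid would be
     * worse than dying, so a failed restore is fatal. */
    if (setegid(saved) < 0 || getegid() != saved)
        abort();
    close(fd);
    errno = err;
    return rc;
}
```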


