PERFORCE change 35406 for review

Robert Watson rwatson at FreeBSD.org
Sat Aug 2 19:09:26 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=35406

Change 35406 by rwatson at rwatson_paprika on 2003/08/02 12:08:44

	Notes on devfs, file creation modes.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#7 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#7 (text+ko) ====

@@ -1461,24 +1461,37 @@
   <title>UFS Protections on Creation</title>
 
 <para>
-requested creation mode
-umask
-ACL mask
+When file system objects are created, their default ownership and
+protection is a property of a variety of creation parameters: the
+credential and umask of the process creating the object, the
+requested creation mode for the operation, and the protections on
+the parent directory (specifically, the default ACL).
+
+Note: composition of default ACL, umask, and cmode, are as defined
+in POSIX.1e; some other systems use alternative compositions.
 </para>
 </sect4>
 
 <sect4 id="secarch-devfsprot">
-  <title>Device file system default protections</title>
-<para>
-devfs full of synthetic special objects, not explicitly created by
-any user -- rather, the system.
+  <title>Device file system protections</title>
+<para>The device file system permits user processes to access system
+devices through the file abstraction.
+
+Entries in devfs may represent hardware devices (such as disks and
+serial ports), abstractions layered over hardware devices (such as
+disk partitions), or pseudo-devices (such as pseudo-terminals).
+
+The protections on device objects are a product of the permissions
+on the synthetic file system objects, and any additional security
+checks in the device implementation itself.
+
+The device file system assigns initial ownership and permissions
+based on two elements: defaults specified by the device driver,
+combined with a devfs ruleset.
 
-each device has default owner and protections set by the implementation
-of the object; however, as device access requirements are frequently
-specific to the environment, the devfs rules system may be used to
-set new default, as well as update all current protections.
+Device file system rulesets...
 
-XXX
+Common requested modes and uid/gids for new device nodes
 </para>
 
 <para>
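Review bot: In the secarch-devfsprot section, the removed paragraph said the devfs rules system may be used to set new defaults "as well as update all current protections", but the replacement only mentions "initial ownership and permissions", so the point that a ruleset can change protections on nodes that already exist is lost; I would carry that statement over into the paragraph on rulesets. The two trailing lines "Device file system rulesets..." and "Common requested modes and uid/gids for new device nodes" are still placeholders, and with the "XXX" marker deleted nothing flags them as unfinished, so keep an XXX or an SGML comment on them. In both sections the blank lines inside a single <para> will not produce paragraph breaks in DocBook, so each block needs its own <para>, and the "Note:" text in the UFS section would fit a <note> element. Minor wording: "ownership and protection is" should be "are", and "cmode" in the note should be spelled out as the "requested creation mode" named in the sentence above it.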