PERFORCE change 35437 for review
Robert Watson
rwatson at FreeBSD.org
Sun Aug 3 21:26:27 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=35437
Change 35437 by rwatson at rwatson_paprika on 2003/08/03 14:25:56
More notes on file permissions and UFS protections, to be
fleshed out into text later.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#8 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#8 (text+ko) ====
@@ -1376,7 +1376,7 @@
</sect4>
<sect4 id="secarch-ufsmode">
- <title>UFS Mode Field</title>
+ <title>UFS Owner and Mode Fields</title>
<para></para>
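Review bot: the sect4 keeps id="secarch-ufsmode" while the title now also covers the owner field; leaving the id alone is right for link stability, but the empty <para></para> that follows the new title should then gain at least a sentence introducing the owner uid and gid fields themselves, since the later hunks only describe how they are assigned at creation.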
@@ -1392,20 +1392,35 @@
generally implemented only at open() for files, per operation for
directories
-file
- write
- read
- execute
+file, device, fifo
+ write write/append file contents, truncate file, map writable
+ read read file contents, map readable
+ execute permission to execve()
apply to data of file; also user namespace extended attributes
system namespace extended attributes require suser
- admin limited to owner, suser
+ admin limited to owner
+
+ additional protections may apply to device objects as implemented
+ by the device driver.
+
+socket
+ write (connect)
+ read unused
+ execute unused
+
+symlink
+ permissions have no effect on symlink operations
directory
- write
- read
- execute
+ write (insert, delete)
+ read (list)
+ execute (lookup)
+ sticky bit special protection for objects in directory
+ must be object owner or directory owner to
+ delete/replace entries in the directory,
+ regardless of permissions
apply to data of directory; also user namespace extended attributes
system namespace extended attributes require suser
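Review bot: the sticky bit entry in the directory block overstates the rule: "must be object owner or directory owner to delete/replace entries ... regardless of permissions" reads as if ownership alone suffices, whereas the same block lists delete under "write (insert, delete)", so write permission on the directory is still required and the sticky bit adds an ownership check on top of it; suggest "in addition to write permission on the directory, the caller must own the object or the directory". The same hunk changes "admin limited to owner, suser" to "admin limited to owner", dropping the superuser case without explanation while the line two below still says system namespace extended attributes require suser; if the intent is to document only the discretionary check, say so in one line so the reader does not conclude a privileged credential cannot change the mode or owner.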
@@ -1467,6 +1482,29 @@
requested creation mode for the operation, and the protections on
the parent directory (specifically, the default ACL).
+New UFS file system objects will be assigned the effective uid
+of the authorizing credential as their owner uid.
+
+New UFS file system objects will be assigned a group equal to the
+group of the directory in which the object is created.
+
+Setgid flag removed from new file system objects if the creating
+credential is not a member of the group.
+
+Processes requesting the creation of the file provide two elements
+used to calculate the new object's mode bits: an explicit creation
+mode argument to the call creating the object, and an implicit
+process umask, set by the umask() system call, which masks the
+creation mode.
+
+In addition, the setgid bit will not be included in the mode of
+a new object even if requested, if the object does not have a
+group that appears in the process credential effective or extended
+group.
+
+The sticky bit is only permitted for directory objects if the
+authorizing credential is not privileged.
+
Note: composition of default ACL, umask, and cmode, are as defined
in POSIX.1e; some other systems use alternative compositions.
</para>