extended file attributes on external devices
Till Maas
opensource at till.name
Wed Mar 5 21:41:22 UTC 2008
On Wed March 5 2008, Alexander Boström wrote:
> If the kernel people are sceptical about magic like "map user 99 to the
> uid of the user calling stat()" then perhaps it would be better to
> extend ext3 to map user 99 back and forth to whatever uid was given as
> mount option uid99=xxx and then have the automount magic set that option
> to the current desktop user as per usual. Then it would be a filesystem
> specific thing.
How about this: Make it possible, that whenever a user is allowed to mount a
filesystem that he could manipulate arbitrarily (e.g. a filesystem on an
external device) and he mounts it, then he can remove/create arbitrary
files/directories and change permissions/owner/group arbitrarily, i.e.
manipulate it arbitrarily like he could do it on the another machine.
The root-directory of this filesystem could be set to 0600 and owned by uid=0,
to allow only the mounting user to access anything on the filesystem.
This special beheaviour could be made visual to the user with some virtual
posix acl, that cannot be removed or changed, but makes e.g. ls show a plus
sign after the permissions. And getfacl could maybe display it in more
detail.
Btw. I do not know how to implement this and how hard it would be to do this,
but this would be a good user experience imho.
> Another approach: Give ext3 an option (set in the superblock) to
> "downgrade" to a permissions-less state similar to how ISO9660 and FAT
> is handled.
>
> Basically, it would just store file and directories as "readable",
> "writable" or "executable" and then have mount-time options for setting
> uid/gid and masking the mode.
With my approach, the user can do everything he can do with yours, but also
modify permissions to e.g. allow only a special user to copy something
from/to his device.
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080305/a0d920c5/attachment.sig>
More information about the fedora-devel-list
mailing list