[PATCHESv2] Add vfs_admin vfs module
Jeremy Allison
jra at samba.org
Tue Oct 6 18:03:16 UTC 2015
On Tue, Oct 06, 2015 at 08:52:56PM +0300, Uri Simchoni wrote:
>
>
> On 10/06/2015 08:42 PM, Jeremy Allison wrote:
> >On Tue, Oct 06, 2015 at 08:08:39PM +0300, Uri Simchoni wrote:
> >>UNIX. Worse is Better(tm).
> >>
> >>https://www.jwz.org/doc/worse-is-better.html
> >>
> >>I'll incorporate that in the next version. Would you say the first
> >>version of your raceless chown is sufficient for symlinks and
> >>"mknod"'s?
> >To be honest I think Ira is right and we
> >should just be using become_user()/unbecome_user()
> >around the relevent create calls rather
> >than the complex way. We have the contexts
> >I think.
> Wouldn't that defeat the "adminness" of the admin user? What's the
> point of being an admin if the system imposes access checks on you?
Bah. Yeah, you're right - you want the "adminness" on create,
or open, but ownership by real uid. And even doing the
become/operation/unbecome then falling back to root still requires
the fallback code to be there if operation fails with permissions..
Sorry, brain not following along well enough this morning
(ENOTENOUGHCOFFEE:-). So the raceless version is the way
to go I think. We already have the parent_dirname() funtion
which does the required pathname component splits.
More information about the samba-technical
mailing list