straw poll for "veto files" [was Re: "veto files" problem]
TAKAHASHI Motonobu
monyo at samba.org
Fri Oct 26 05:34:43 GMT 2001
David Collier-Brown wrote:
>1a) Right now, the benefit is that veto'd files can be
> written to but not read from (or read for execution).
>
> This is a useful tool for secure system's logs, and
> for school's dropboxes, although the implementation is
> not complete for either: you can't see if you've dropped
> anything in the dropbox, and you can overwrite logs you
> can't read.
Unfortunately this is not true, so this is not useful for both of
them...
- You cannot write veto'ed filename directly.
You can only rename non-veto'ed filename to veto'ed filename.
- You can overwrite existed a file of veto'ed filename to rename
(move) a file of non-veto'ed filename.
Anyway,
>All in all, I argue it's better to change it. With Mr. Sorce,
>I suspect we might want to be prepared to put in an option
>to restore the previous behavior if we find someone using it.
I agree this.
-----
TAKAHASHI, Motonobu(monyo) monyo at samba.org
Samba Team - http://samba.org/ Samba-JP - http://www.samba.gr.jp/
JWNTUG - http://www.jwntug.or.jp/ Analog-JP - http://www.jp.analog.cx/
MCSE+I, MCSE(W2K), SCNA, CCNA, Turbo-CI
More information about the samba-technical
mailing list