The suggestion that was made to allow different implementations of the
"capabilitys exist for this file" bit for different filesystems sounded
like it was on the right track, it allows for filesystem support where it
is feasable, and allows for workarounds to be implemented for other
filesystems without having to change the entire filesystem. When the NFS
client is modified to use the sticky bit as the caps bit it should get the
squash_sticky default as well. That keeps things secure by default but
allows for exceptions to be made as the administrators of a particular
site deem it nessasary.
David Lang
On Fri, 16 Apr 1999, David L. Parsley (lkml account) wrote:
>
> Well, as much as I hate to suggest it again, you _could_ hack the nfs
> client to honor sticky as cap-enabled, but only if you can exercise total
> filesystem security. I only like the sticky bit for compatibility
> reasons, because currently it has no other interpretation. I still
> disdain setuid root, because both the setuid bit and the uid already serve
> another purpose. I reallize this information can be duplicated in the
> headers, but I just don't like it.
>
> cheers,
> David
>
> - --
> David L. Parsley
> Network Specialist
> City of Salem Schools
>
>
>
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNxetEj7msCGEppcbAQGbCAgAv//saSsBYhk0CBi1cW6vsEFip1DzK9vJ
2GegGnZ1J3ASkzkhNZbKjkkqS/++2KjxmzekSceX99Xe1d+WW2JPabu4O5uJ8gYb
on4RyasMSSaMMGiovgLVJ2yCjWlQ0KR4AFPPsiNz1kQ0MdnUWTaHVTHNTANX0bPY
Fw978Oe46WMl0LxMSTawLd1k/XwRHQu51wyBd60unvwmUB7r37gtVMx1uIVtalhM
wgZ61dlKYlQNMMv0mZCVAf5PUMbkJyJ1lhxPrMsaAW6/ZqECbGuH3vtqBlVbwgL9
ZjVNZ4UvMXK787C4EfzuhW0bMLtoZXxdUxWA+9hr8Y56TpnZCv0tWQ==
=yHZL
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/