Xref: utzoo comp.unix.wizards:22930 alt.security:1120
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!ns-mx!pyrite.cs.uiowa.edu
From: jones@pyrite.cs.uiowa.edu (Douglas W. Jones,201H MLH,3193350740,3193382879)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: Hard links to directories: why not?
Message-ID: <1906@ns-mx.uiowa.edu>
Date: 18 Jul 90 20:44:53 GMT
References: <10527@odin.corp.sgi.com>
Sender: news@ns-mx.uiowa.edu
Followup-To: comp.unix.wizards
Lines: 24

William Lewis asked why UNIX doesn't allow hard links to directories.

I don't think the reason has anything to do with security.  My understanding
of the problem is that it would allow the creation of circularly linked
structures that the crude reference count scheme of UNIX could not deal
with.  UNIX assumes that the only circular linkages in the directory tree
are . and .., and the special services "mkdir" and "rmdir" take care of
these special cases.

The Cambridge CAP file system demonstrated quite effectively that it is
perfectly possible to allow users to create arbitrary linkages between
directories and files, but this worked only because they invented a nice
combination of garbage collection and reference counts to handle the
problem of reclaiming circularly linked grabage.

The CAP file system was capability based, but the decision to allow
directories to be circularly linked is independent of the access control
mechanisms they used on their capabilities.  In UNIX terms, the CAP
file system can be thought of as having an access rights field like that
in each UNIX I-node, but this was stored in the link to the file, so each
link could confer different access rights to the file.

					Doug Jones
					jones@herky.cs.uiowa.edu