Newsgroups: comp.unix.internals
Path: utzoo!censor!geac!gjetor!adeboer
From: adeboer@gjetor.geac.COM (Anthony DeBoer)
Subject: Re: non-superuser chown(2)s considered harmful
Message-ID: <1990Dec11.203615.3967@gjetor.geac.COM>
Organization: Geac J&E Systems Ltd.
References: <1990Dec8.184047.22221@mp.cs.niu.edu> <1990Dec09.043647.25826@iecc.cambridge.ma.us> <5733@labtam.labtam.oz>
Date: Tue, 11 Dec 90 20:36:15 GMT

In article <5733@labtam.labtam.oz> iand@labtam.labtam.oz (Ian Donaldson) writes:
>
>johnl@iecc.cambridge.ma.us (John R. Levine) writes:
>>Does anyone really do quota accounting by the UID of the file? Consider
>>the following scenario: User A creates a large file. User B links to it.
>>User A then deletes the original link. If you charge by uid, user A is
>>charged for the file even though she has no control over it any more, and
>>might not even be able to see that it exists, depending on B's directory
>>protections.
>
>This is a silly argument. For user B to write to the file, he must
>have been granted permission by user A. Thus it is user A's responsibility
>in the first place that the subsequent space charging is against him.

Who says user B can or needs to be able to write to the file? All they
need is to be able to read the file in A's directory, write permission to
their own directory, and for both to be on the same disk partition. These
are sufficient permissions to let them link the file into their own
directory. Now user A deletes the file, but it doesn't go away because of
the second link. In fact, if B has protected that directory against other
users (chmod 700 dirname), user A can't even see where the second link is
(note, though, that if A is on the ball, she might see two links on an
ls -l and truncate the file to zero bytes before removing it). Even if all
user B can do with the file is look at it, or maybe hopefully eventually
blow it away, if you do quota accounting by user the file still gets
charged against A.

>If user A wants to prevent others writing his files, that's easy.
>User A can also prevent people linking to his files by hiding them
>below a directory that has the appropriate permissions.

Permissions to prevent anyone writing in your directory are reasonable and
IMHO something that should be done. Preventing reading can be reasonable
too if the file is sensitive, but such paranoia should not be required just
because of the way a silly quota system is implemented.
--
Anthony DeBoer - NAUI #Z8800          adeboer@gjetor.geac.com
Programmer, GEAC J&E Systems Ltd.     uunet!jtsv16!geac!gjetor!adeboer
Toronto, Ontario, Canada              #include
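
The situation described in the post above, and the truncate-before-remove defence it mentions, as an added shell example that is not part of the original post. The function names and the a/ and b/ directories (standing in for the two users' directories) are assumptions, and a single account plays both users.

```shell
#!/bin/sh
# Added illustration; all names below are hypothetical.

# Hard-link count of a file: the second field of `ls -ln`.
link_count() {
    ls -ln -- "$1" | awk '{ print $2; exit }'
}

# Size of a file in bytes.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Remove a file; if other links to it exist, truncate it first so the
# data blocks are released instead of staying charged to the owner's UID.
rm_reclaim() {
    f=$1
    [ -f "$f" ] || return 1
    n=$(link_count "$f")
    if [ "$n" -gt 1 ]; then
        echo "warning: $f has $n links; truncating before unlink" >&2
        : > "$f" || return 1
    fi
    rm -f -- "$f"
}

# Constructed scenario. $1 is the command "user A" uses to delete the file.
# Prints "<links left on the second name> <bytes still allocated to it>".
scenario() {
    d=$(mktemp -d) || return 1
    mkdir "$d/a" "$d/b"
    dd if=/dev/zero of="$d/a/big" bs=1024 count=64 2>/dev/null
    # The second link needs only write permission on b/ and the same
    # filesystem; no write permission on the file itself is involved.
    ln "$d/a/big" "$d/b/kept"
    "$1" "$d/a/big"
    echo "$(link_count "$d/b/kept") $(file_size "$d/b/kept")"
    rm -rf "$d"
}

scenario rm           # plain unlink: the data survives under the other name
scenario rm_reclaim   # truncate first: the other name is left empty
```

Truncation empties the file for every link holder, which is the intended effect here; the inode itself stays owned by A until the last link is removed.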