Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!apollo!lwa
From: lwa@apollo.UUCP
Newsgroups: comp.sys.apollo
Subject: Re: SR9.5 bug: UNIX protection modes leave "d" rights outstanding
Message-ID: <36a9bf91.c6f9@apollo.uucp>
Date: Fri, 14-Aug-87 08:47:00 EDT
Article-I.D.: apollo.36a9bf91.c6f9
Posted: Fri Aug 14 08:47:00 1987
Date-Received: Sat, 15-Aug-87 17:01:11 EDT
References: <6559@eddie.MIT.EDU>
Organization: Apollo Computer, Chelmsford, Mass.
Lines: 29
Keywords: UNIX, SR9.5, file protection, ACLs

Actually, this is the 'correct' UNIX semantic.  You see, in UNIX, files are protected
from deletion by the protection modes on their containing directories; there is no
'delete' bit in a (native) UNIX protection mode.  Anyone who has write access (the 'w'
bit) to the containing directory is allowed to unlink any file in that directory,
irrespective of whether the user has write access to the file.

In Domain/IX, files are in a sense "double-protected".  To be allowed to delete a file
from a directory in Domain/IX, the user must have BOTH the right to delete the entry
from the containing directory AND the right to delete the file itself.  The right to
delete entries from a directory is controlled by the 'e' bit ('expunge') in the
directory's ACL, while the right to delete the file itself is controlled by the 'd'
bit ('delete') in the file's ACL; you must have BOTH rights in order to delete the
file.

Because UNIX applications, and UNIX users, expect file delete protection to be strictly
controlled by the protection mode of the directory, files created with "UNIX-style"
protection by Domain/IX are always created with the 'd' bit turned on for everyone;
this duplicates the UNIX behavior that anyone who is allowed to 'write' to the directory
(where the UNIX 'w' bit corresponds to the 'cale' bits on Domain/IX directories) is allowed
to delete any file in that directory.  BTW this behavior is not new in SR9.5; Domain/IX
has always behaved this way.

There's a (in my opinion) very good description of the relationship between ACLs and
UNIX protection modes in the new Domain/IX System Administrator's manuals (one for
Sys5, one for BSD4.2) shipped with SR9.5.
                                                                -Larry Allen
                                                                 Apollo Computer

--