Path: utzoo!attcan!uunet!seismo!sundc!hadron!jsdy
From: jsdy@hadron.UUCP (Joseph S. D. Yao)
Newsgroups: comp.unix.wizards
Subject: Re: rm etc. (was: Nasty Security Hole?)
Summary: "Semantics"
Message-ID: <816@hadron.UUCP>
Date: 22 Nov 88 18:21:22 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP> <8910@smoke.BRL.MIL> <118@hudson.Morgan.COM> <8941@smoke.BRL.MIL>
Reply-To: jsdy@hadron.UUCP (Joseph S. D. Yao)
Distribution: na
Organization: Hadron, Inc., Fairfax, VA
Lines: 38

In article <8941@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) writes:
>In article <118@hudson.Morgan.COM> frank@Morgan.COM (Frank Wortner) writes:
>>In article <8910@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) writes:
>>}Inode permissions apply to the contents of the inode, not to
>>}links to it (which are contained in other inodes).
>>Perhaps I've failed to understand what you wrote. I've always thought that
>>non-symbolic links were directory entries pointing to the *same* inode, and
>>that any permissions (read, write, and execute of the underlying object)
>>were shared by all links.
>No, the link can be altered independently of permissions on the inode
>to which it is a link.

This is a confusion in understanding of what is meant by "the link".
Most people, including frank@Morgan.COM, seem to think of "the link" as
the object named, the file containing data. That is indeed one object,
with permissions, data, etc. Gurus like Doug have much understanding of
the reality underlying this, but sometimes forget to explain, that the
"link" is just the name. It has itself no inherent permissions et al.
The file or other object so named has the permissions. The name does
not. The implementation of the name as a series of directory entries
implies that permission to alter one element of the name is dependent
on the permissions for the object (directory) in which that element of
the name is contained.
The confusion is boosted along by all those texts that explain the Unix
tree-structured file system with a box at the top labelled "/" and lines
to other boxes named "bin", "tmp", etc. This is wrong, of course: the
names go on the lines ...

Joe Yao		jsdy@hadron.COM (not yet domainised)
hadron!jsdy@{uunet.UU.NET,dtix.ARPA,decuac.DEC.COM}
    arinc,att,avatar,blkcat,cos,decuac,dtix,\
    ecogong,empire,gong,grebyn,inco,insight, \!hadron!jsdy
    kcwc,lepton,netex,netxcom,phw5,rlgvax,   /
    seismo,sms,smsdpg,sundc,uunet           /
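The distinction the post draws (the inode carries the permissions, a hard link is only a name in a directory, and the right to remove or rename that name comes from the directory's permissions) can be checked directly. The script below is an added example, not part of the original article or of any poster's code; the scratch directory and the file names `data` and `alias` under it are constructed for the demonstration and nothing else is assumed. The third check reports `removed` rather than `kept` when run as root, because root is exempt from the directory write check.

```sh
#!/bin/sh
# Added example (not from the original post): show that a hard link is
# only a name, that permissions live on the inode, and that the right to
# remove a name comes from the directory that holds it, not from the file.
# $DEMO and the names data/alias under it are constructed scratch files.
set -e

# Fresh scratch directory holding one inode reachable by two names.
demo_setup() {
    DEMO=$(mktemp -d)
    printf 'payload\n' > "$DEMO/data"
    chmod 644 "$DEMO/data"
    ln "$DEMO/data" "$DEMO/alias"   # second directory entry, same inode
}

inode_of() { ls -i "$1" | awk '{print $1}'; }
mode_of()  { ls -l "$1" | awk '{print substr($1,1,10)}'; }  # drop ACL/SELinux suffix
links_of() { ls -l "$1" | awk '{print $2}'; }

# 1. Both names resolve to the same inode, so a chmod through one name is
#    visible through the other: the permissions belong to the inode.
shared_permissions() {
    chmod 600 "$DEMO/alias"
    [ "$(inode_of "$DEMO/data")" = "$(inode_of "$DEMO/alias")" ] &&
    [ "$(mode_of "$DEMO/data")" = "-rw-------" ] && echo same || echo different
}

# 2. A name can be removed even though the inode is not writable, because
#    the directory holding the name is writable. The data survives under
#    the other name; only the link count drops.
unlink_readonly_inode() {
    chmod 444 "$DEMO/data"
    rm -f "$DEMO/data"           # -f: no "override r--r--r--?" prompt
    [ ! -e "$DEMO/data" ] && [ "$(links_of "$DEMO/alias")" = 1 ] &&
    [ "$(cat "$DEMO/alias")" = payload ] && echo removed || echo kept
}

# 3. The converse: a writable inode inside a non-writable directory.
#    unlink(2) needs write permission on the directory, so rm fails for an
#    unprivileged user. Root bypasses this check and gets "removed".
unlink_in_readonly_dir() {
    chmod 666 "$DEMO/alias"
    chmod 555 "$DEMO"
    if rm -f "$DEMO/alias" 2>/dev/null; then echo removed; else echo kept; fi
    chmod 755 "$DEMO"            # restore so cleanup can proceed
}

demo_cleanup() { rm -rf "$DEMO"; }

# Stand-alone run: print the three observations and clean up.
demo_setup
echo "permissions shared between names: $(shared_permissions)"
echo "rm of read-only inode in rw dir:  $(unlink_readonly_inode)"
echo "rm of rw inode in read-only dir:  $(unlink_in_readonly_dir)"
demo_cleanup
```

The second and third checks are the practical point behind the "Nasty Security Hole?" subject line: `rm` consults the directory, not the file, so protecting a file's mode bits does nothing to protect its name, and a world-writable directory lets anyone unlink or rename whatever names it contains.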