On Wed, Nov 14, 2001 at 11:07:49AM +1300, Mark van Walraven wrote: > On Tue, Nov 13, 2001 at 04:20:36AM -0900, Ethan Benson wrote: > > On Tue, Nov 13, 2001 at 12:02:18PM +0100, Kjetil Torgrim Homme wrote: > > > Ethan Benson <erbenson@alaska.net> writes: > - > > > > what good will this do? the permissions of the mount point > > > > directory are irrelevant as they will be replaced by the permissions > > > > of the root directory of the mounted filesystem. > > > > > > It enables the use of vi for non-root users even when /var/tmp isn't > > > mounted ... uh ... > > And many other things too! Bash, for instance uses TMPDIR for 'here > documents'. your missing the point: > > > > what good will this do? the permissions of the mount point > > > > directory are irrelevant as they will be replaced by the > > > > permissions of the root directory of the mounted filesystem. this patch ONLY affects creation of the mountpoint directory which will be covered up by whatever partition/filesystem is mounted there. unless your mounting a partition on /var/tmp we don't create it at all, base-files does. > It might happen because the admin temporarily un-mounted /var/tmp to > alter its size. Or perhaps the filesystem was damaged and the admin > decided to bring the system up without mounting it before trying to > recover the data. Maybe we simply one day decide we don't need /var/tmp > separate from /var. and for that reason he probably doesn't want lusers filling up /var while he is working. > Differing permissions on a filesystem and its mountpoint - in the absence > of admin intervention - violate the principle of least surprise for > most mount-points (obvious exceptions are /mnt, /cdrom and /floppy). > The inconsistency with /tmp is itself surprising. i disagree, lusers suddenly gaining write permission to a filesystem its not granted to them due to mountpoints is a surprise. i would bet the only reason there is a special case kludge in boot-floppies here is due to severe misunderstanding of something by some other coder, i found many many instances of mkdir("/foo/bar", 1777) which does not work. the permission you specify is always ORed with the current umask, and the first digit is always ignored. you can't create a sticky directory with mkdir("blah", somemode) afaikt. if anything this sillyness regarding mountpoint directories should be removed, not expanded. > If I want to stop users writing into the /tmp and /var/tmp mountpoint > directories when nothing is mounted on them, then I change the > directory permissions in a deliberate act. However, since the system > will not automatically boot into multi-user mode without mounting all > the filesystems in fstab, I need not fear the mountpoints being exposed > without administrative fiat. yes so you agree the permissions of the mountpoint dir don't need to be fiddled with. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpmLsAoIHKL5.pgp
Description: PGP signature