Re: [PATCH] set sticky bit when creating /var/tmp mount-point



On Wed, Nov 14, 2001 at 11:07:49AM +1300, Mark van Walraven wrote:
> On Tue, Nov 13, 2001 at 04:20:36AM -0900, Ethan Benson wrote:
> > On Tue, Nov 13, 2001 at 12:02:18PM +0100, Kjetil Torgrim Homme wrote:
> > > Ethan Benson <erbenson@alaska.net> writes:
> > > > what good will this do?  the permissions of the mount point
> > > > directory are irrelevant as they will be replaced by the permissions
> > > > of the root directory of the mounted filesystem.
> > > 
> > > It enables the use of vi for non-root users even when /var/tmp isn't
> > > mounted ... uh ...
> 
> And many other things too!   Bash, for instance uses TMPDIR for 'here
> documents'.

you're missing the point:

> > > > what good will this do?  the permissions of the mount point
> > > > directory are irrelevant as they will be replaced by the
> > > > permissions of the root directory of the mounted filesystem.

this patch ONLY affects creation of the mountpoint directory which
will be covered up by whatever partition/filesystem is mounted there.

unless you're mounting a partition on /var/tmp we don't create it at
all, base-files does.

> It might happen because the admin temporarily un-mounted /var/tmp to
> alter its size.  Or perhaps the filesystem was damaged and the admin
> decided to bring the system up without mounting it before trying to
> recover the data.  Maybe we simply one day decide we don't need /var/tmp
> separate from /var.

and for that reason he probably doesn't want lusers filling up /var
while he is working.

> Differing permissions on a filesystem and its mountpoint - in the absence
> of admin intervention - violate the principle of least surprise for
> most mount-points (obvious exceptions are /mnt, /cdrom and /floppy).
> The inconsistency with /tmp is itself surprising.

i disagree, lusers suddenly gaining write permission to a filesystem
its not granted to them due to mountpoints is a surprise.  

i would bet the only reason there is a special case kludge in
boot-floppies here is due to severe misunderstanding of something by
some other coder, i found many many instances of mkdir("/foo/bar",
1777) which does not work.  the permission you specify is always ORed
with the current umask, and the first digit is always ignored.  you
can't create a sticky directory with mkdir("blah", somemode) afaict.

if anything this silliness regarding mountpoint directories should be
removed, not expanded.

> If I want to stop users writing into the /tmp and /var/tmp mountpoint
> directories when nothing is mounted on them, then I change the
> directory permissions in a deliberate act.  However, since the system
> will not automatically boot into multi-user mode without mounting all
> the filesystems in fstab, I need not fear the mountpoints being exposed
> without administrative fiat.

yes so you agree the permissions of the mountpoint dir don't need to
be fiddled with.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
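
An added example, not part of the original message or of boot-floppies, for the mkdir("/foo/bar", 1777) pitfall raised above: mkdir()'s mode argument is filtered through the process umask and POSIX leaves bits beyond the permission bits implementation-defined, so a portable way to get a 01777 directory is mkdir() followed by an explicit chmod() and a stat() check. The function names and the scratch path under /tmp are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* In C, 1777 without a leading 0 is decimal; as a mode it is 03361. */
long decimal_1777_bits(void) { return 1777 & 07777; }

/* Create `path` as a sticky, world-writable directory regardless of umask.
 * Returns the resulting mode bits (expected 01777), or -1 on failure. */
long make_sticky_dir(const char *path)
{
    struct stat st;
    /* Start owner-only: umask can only clear bits, so the directory is
     * never more permissive than intended before the final chmod(). */
    if (mkdir(path, 0700) != 0)
        return -1;
    /* chmod() is not filtered by umask; note the octal literal. */
    if (chmod(path, 01777) != 0 || stat(path, &st) != 0) {
        rmdir(path);
        return -1;
    }
    return (long)(st.st_mode & 07777);
}

/* Constructed demo: run under a restrictive umask inside a scratch
 * directory (hypothetical name; mkdir fails if it already exists). */
long demo_sticky_mode(void)
{
    char base[64], path[96];
    long mode = -1;
    mode_t old = umask(077);

    snprintf(base, sizeof base, "/tmp/stickydemo.%ld", (long)getpid());
    if (mkdir(base, 0700) == 0) {
        snprintf(path, sizeof path, "%s/mountpoint", base);
        mode = make_sticky_dir(path);
        rmdir(path);
        rmdir(base);
    }
    umask(old);
    return mode;
}

int main(void)
{
    printf("decimal 1777 as mode: %04lo, mkdir+chmod result: %04lo\n",
           (unsigned long)decimal_1777_bits(), (unsigned long)demo_sticky_mode());
    return 0;
}
```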
