Jeffrey Hutzelman
Mon, 25 Jan 2010 13:01:07 -0800
On Fri, 22 Jan 2010 09:16:11 -0500 Jeffrey Altman <jalt...@secure-endpoints.com> wrote:On 1/22/2010 8:15 AM, Andrew Deason wrote: > Being the owner and having 'i' permissions is supposed to give you > implicit 'r' and 'w', isn't it? I believe the fileserver lets you do > that, and the existing client code certainly tried to allow that. The fileserver grants the owner of the file implicit read and write privileges because it has no ability to determine when a file was created vs. when it was opened. That information is only available to the cache managers. It is the responsibility of the cache manager to enforce insert only semantics on the file. That means that cache manager must track when a file was created separately from when it was opened and only permit the read and write permissions on the file to be used in the create case. Any other behavior is not consistent with the 'insert' only privilege.Why does the fileserver grant implicit read? A dropbox appears to work at least for a couple of trivial cases when I disable it.
Because conceptually (and with the help of CM's enforcing this), 'i' means that you can create a new file and read and write it as much as you want until you close it. It does not mean that the newly-created file is write-only. For that to work, the fileserver must allow the CM to fetch chunks that have been pushed out of its cache.
-- Jeff _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel