On Mon, Oct 15, 2012 at 8:45 PM, <sf...@users.sourceforge.net> wrote: > > > No. > To keep the consistency from the point of middle fs's view, the upper > permission bits should not override the lowers. > > As long as the middle branch prohibits such access, aufs simply follow it. > Otherwise it can be a violation of a security feature which the middle > branch fs has. > > For your information, here is the aufs behaviour for the dir permission > check. > - for access other than dir, aufs checks the first one only. "first" > means that the file firstly aufs found. > - for "write" to dir, aufs checks the first one only too, since aufs > will never write to the lower branches. > - for "read" to dir, aufs checks the same named dirs on all branches, > since aufs reads all of them. > > > J. R. Okajima
Ok. This one is what I missed: > - for "read" to dir, aufs checks the same named dirs on all branches, > since aufs reads all of them. Though it is still mystery to me why aufs3.2 allows such access, now I know the right way to do things and my system works. Thank you! Okajima, your replies are always quick and helpful. Guan ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
