[comp.sys.apollo] SR9.5 bug: UNIX protection modes leave "d" rights outstanding

rich@eddie.MIT.EDU (Richard Caloggero) (08/13/87)

---> Help!
We just installed SR9.5, and BSD4.2 on one of our DN3000s.
I ran the "/install/acl_bsd4.2" script using all of the supplied defaults (no modifications).
However, when I examined the ACL of the files, they all seem to have delete rights on all entries
(even for %.%.%.%).
Not wanting to believe this, I created a file and used "/bin/chmod 444 file" to change it to read-only.
When I examined the acl for the file, it showed these entries:
(rich.%.%.% p-nd-r-) ;that's me
(%.sys_admin.%.% ---d-r-)
(%.backup.%.% -----r-)
(%.%.%.% ---d-r-).

The backup project seems to be the only one receiving the proper rights.
What's going on here?


----- Richard Caloggero:
Arpanet: "rich@eddie.mit.edu".

Giebelhaus@HI-MULTICS.ARPA (08/13/87)

Yes, the d rights are supposed to be there.  In unix one always has
delete rights to files.  Whether you can delete a file is controlled at
the directory level.  That is, you need both delete rights on the file
and expunge rights on the directory containing the file in order to
delete the file.

If you look at it with the unix commands, you need not even know any of
this.

lwa@apollo.UUCP (08/14/87)

Actually, this is the 'correct' UNIX semantic.  You see, in UNIX, files are protected
from deletion by the protection modes on their containing directories; there is no
'delete' bit in a (native) UNIX protection mode.  Anyone who has write access (the 'w'
bit) to the containing directory is allowed to unlink any file in that directory,
irrespective of whether the user has write access to the file.

In Domain/IX, files are in a sense "double-protected".  To be allowed to delete a file
from a directory in Domain/IX, the user must have BOTH the right to delete the entry
from the containing directory AND the right to delete the file itself.  The right to
delete entries from a directory is controlled by the 'e' bit ('expunge') in the
directory's ACL, while the right to delete the file itself is controlled by the 'd'
bit ('delete') in the file's ACL; you must have BOTH rights in order to delete the
file.

Because UNIX applications, and UNIX users, expect file delete protection to be strictly
controlled by the protection mode of the directory, files created with "UNIX-style"
protection by Domain/IX are always created with the 'd' bit turned on for everyone;
this duplicates the UNIX behavior that anyone who is allowed to 'write' to the directory
(where the UNIX 'w' bit corresponds to the 'cale' bits on Domain/IX directories) is allowed
to delete any file in that directory.  BTW this behavior is not new in SR9.5; Domain/IX
has always behaved this way.

There's a (in my opinion) very good description of the relationship between ACLs and
UNIX protection modes in the new Domain/IX System Administrator's manuals (one for
Sys5, one for BSD4.2) shipped with SR9.5.
                                                                -Larry Allen
                                                                 Apollo Computer

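A small model of the rules Larry describes above (the 'd' bit always on for UNIX-style files, UNIX 'w' on a directory mapping to 'cale', and deletion needing both 'd' on the file and 'e' on the directory). This is an added illustration, not Apollo's code; the subject matching (owner name, one project name, then %) and the 'r'/'x' directory mapping are simplifying assumptions.

```python
# Added model of the Domain/IX semantics described in the thread (not Apollo code).
# Assumptions: ACL subjects are simplified to owner / group / "%" (world);
# 'r','w','x' carry over from the UNIX mode bits, and 'd' is always granted on
# UNIX-style files; on directories the UNIX 'w' bit becomes the 'cale' bits.

def unix_mode_to_file_acl(owner, group, mode):
    """Translate a UNIX file mode (e.g. 0o444) into Domain/IX-style rights.
    Returns {subject: set_of_rights}; 'd' is present for everyone."""
    acl = {}
    for subject, shift in ((owner, 6), (group, 3), ("%", 0)):
        bits = (mode >> shift) & 0o7
        rights = {"d"}                       # delete right on for all, UNIX-style
        if bits & 0o4: rights.add("r")
        if bits & 0o2: rights.add("w")
        if bits & 0o1: rights.add("x")
        acl[subject] = rights
    return acl

def unix_mode_to_dir_acl(owner, group, mode):
    """Directory translation: UNIX 'w' corresponds to 'c','a','l','e'
    (the 'e' = expunge bit is what governs removing entries)."""
    acl = {}
    for subject, shift in ((owner, 6), (group, 3), ("%", 0)):
        bits = (mode >> shift) & 0o7
        rights = set()
        if bits & 0o4: rights.add("r")       # assumption: list entries
        if bits & 0o2: rights.update("cale")
        if bits & 0o1: rights.add("x")       # assumption: search
        acl[subject] = rights
    return acl

def effective_rights(acl, user, groups):
    """Simplified matching: owner entry, else first matching group, else world."""
    if user in acl:
        return acl[user]
    for g in groups:
        if g in acl:
            return acl[g]
    return acl.get("%", set())

def can_unlink(user, groups, file_acl, dir_acl):
    """Domain/IX 'double protection': need 'd' on the file AND 'e' on the dir.
    Under native UNIX only the directory 'w' bit would matter."""
    return ("d" in effective_rights(file_acl, user, groups)
            and "e" in effective_rights(dir_acl, user, groups))
```

Dropping the 'd' from a file's world entry is what makes Domain/IX stricter than UNIX: a user with write access to the directory still cannot unlink that file.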