read/write delegation, share deny
Trond Myklebust
trond.myklebust at fys.uio.no
Fri Aug 10 16:55:13 EDT 2007
On Fri, 2007-08-10 at 16:42 -0400, J. Bruce Fields wrote:
> On Fri, Aug 10, 2007 at 04:37:41PM -0400, Trond Myklebust wrote:
> > Neither the POSIX spec nor the Single Unix Spec. allow for the concept
> > of deny shares: in general, UNIX systems consider mandatory locks to be
> > a nuisance at best, and a security problem at worst (imagine allowing
> > someone to set a DENY_READ on /etc/passwd for instance).
>
> with the exception of exec/ETXTBSY?

That is a write lock, not a read lock and, yes, it is one of the few
exceptions I can think of. However, even in that case the file has to be
labelled as executable, with the 'exec' mount option set. The lock is
enforced by the kernel only while the user is running the executable.

The other exception is of course mandatory byte range locks. In that
case, the administrator has to explicitly allow the behaviour using the
'mand' mount option, and the mandatory locks may only be set on files
which have the setgid bit set and the group execute bit cleared.

Trond
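
Added example (not part of the message above, and not NFS or kernel code): a Python audit check for the two conditions the message gives for mandatory byte range locks, namely a covering mount with the 'mand' option and a regular file with setgid set and group execute cleared. The function names, the sample paths and the /proc/mounts-style sample text are assumptions constructed for illustration.

```python
import stat

# Constructed sample in /proc/mounts layout (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/data ext4 rw,mand,relatime 0 0
/dev/sdc1 /srv/data/scratch ext4 rw,nosuid,noexec 0 0
"""

def mode_allows_mandatory_lock(mode):
    """True for a regular file with setgid set and group execute cleared."""
    return (stat.S_ISREG(mode)
            and bool(mode & stat.S_ISGID)
            and not mode & stat.S_IXGRP)

def parse_mounts(text):
    """Return {mount_point: set_of_options} from /proc/mounts-style text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # A later entry for the same mount point replaces the earlier one.
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def covering_mount(path, mounts):
    """Return the longest mount point that contains `path`, or None."""
    best = None
    for mount_point in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            if best is None or len(mount_point) > len(best):
                best = mount_point
    return best

def mandatory_locking_possible(path, mode, mounts):
    """Both conditions from the message: 'mand' mount and the mode bits."""
    mount_point = covering_mount(path, mounts)
    return (mount_point is not None
            and "mand" in mounts[mount_point]
            and mode_allows_mandatory_lock(mode))

if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for p, m in [("/srv/data/db.lock", 0o102660), ("/etc/passwd", 0o100644)]:
        print(p, oct(m), mandatory_locking_possible(p, m, table))
```

On a live system the mode would come from os.stat(path).st_mode and the mount text from /proc/mounts.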