Subject: Re: File names and security...
To: Jim Wise <jimw@numenor.turner.com>
From: Ted Lemon <mellon@hoffman.vix.com>
List: current-users
Date: 06/09/1997 09:30:56

> But such a restriction is only relevant if it affects all systems
> accessing a drive, no?  I hardly want a drive to contain files which can
> be created on one system, but not deleted on another...

Jim, I don't get the impression that you would use this feature if it
were available - correct me if I'm wrong.  So whether or not it works
in a way that seems consistent to you isn't very important - what is
important is that it work in a way that satisfies the people who will
actually use it.

If this feature is actually useful, it is useful because it makes it
impossible to take advantage of weirdly-named files.  The person who
enables this feature is more concerned about security than
consistency.  Such a person would want to prevent people from
accessing bogusly named files regardless of whether they are on a
local filesystem or an NFS filesystem.  Such a person would not be
bothered by the notion that some files might not be accessible - s/he
would consider that an issue for the maintainer of the NFS server.

Furthermore, let us say that at a particular site, there were 20
NetBSD machines which people used to do their work, and one NAC
fileserver.  The site administrator could configure all 20 NetBSD
machines to enable the filename restriction feature we're discussing,
but no such restriction could be enforced on the NAC fileserver.
Nonetheless, because the feature was enabled on all the NFS clients,
no oddly-named files could be created.

			       _MelloN_