> + /* XXX Must be owned by root. */ > + if (va->va_uid != 0) > + return (EPERM); > + > + /* Must not be writable by group or other. */ > + if (va->va_mode & (S_IWGRP | S_IWOTH)) > + return (EPERM); > + > + return (0); this kind of permission checks are filesystem dependent. consider acls or remote filesystems. YAMAMOTO Takashi