Subject: Permissions on directories.
To: None <current-users@netbsd.org>
From: Shyeah right. What am I gonna do with a gun rack? <greywolf@starwolf.starwolf.com>
List: current-users
Date: 10/19/1998 10:11:24
umask(0);
open("YACOW", O_RDWR|O_CREAT, 0666);

At the risk of sounding really obtuse, have we assigned a use for the
setuid bit on a directory yet?

Has anyone else?

If not, has it ever occurred to someone else that it might be nice
to be able to allow for file/symlink creation inside a public (or
personal) directory without allowing directory creation?

I don't think there's a flag providing for this with chflags([12]),
and AFAICT there are no mode bits providing for such an action:

	- setgid on a directory supposedly makes any file/directory
	  creation inherit the gid of the directory in which it is
	  created, otherwise it (supposedly) inherits the gid of the
	  process which created it.

	- sticky bit on a directory allows for the conditional removal
	  of an object directly within the directory.

Many, if not all, of us are systems administrators, or have been at
some time (or else we'd not be building and rebuilding systems at a
particularly playful momentary lapse of reason :-), so sometimes we
become a bit blinded to the Average Joe User point of view.

There were times when I've been an Average Joe User No. 302 and have
wanted to allow a public space for people to put things, but I don't
want to give them the ability to create an inaccessible tree within
the directory, and the honor system doesn't always work.

Should this be something controlled by chmod or chflags(2), or is it
even worth addressing?  (my answer to this question, at least
quantitatively speaking, should be obvious.)

Comments welcomed publicly, flames welcomed privately (I don't expect
to see too many of them, but ya never know :-).



				--*greywolf;
--
System V any flavor: just say NO!
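
Added example, not part of the original message: since no mode bit or flag blocks directory creation in a public directory, one fallback is to audit the directory after the fact. The function names, the sample tree and the "others can enter" test (o+rx, ignoring group membership) are assumptions made for this sketch.

```python
import os
import stat
import tempfile

SPECIAL = {stat.S_ISUID: "setuid", stat.S_ISGID: "setgid", stat.S_ISVTX: "sticky"}

def special_bits(path):
    """Names of the special mode bits set on path itself."""
    mode = os.lstat(path).st_mode
    return [name for bit, name in SPECIAL.items() if mode & bit]

def audit_dropdir(top):
    """List (relative path, foreign, others_can_enter) per real subdirectory.

    foreign: owned by someone other than top's owner.
    others_can_enter: has o+rx. Group access is ignored (simplification).
    """
    owner = os.lstat(top).st_uid
    found = []
    for root, dirs, _files in os.walk(top, followlinks=False):
        for name in dirs:
            path = os.path.join(root, name)
            st = os.lstat(path)
            # os.walk lists symlinks to directories in dirs; they are not
            # directories anyone created here, so skip them.
            if not stat.S_ISDIR(st.st_mode):
                continue
            open_to_others = (st.st_mode & 0o005) == 0o005
            found.append((os.path.relpath(path, top), st.st_uid != owner, open_to_others))
    return sorted(found)

def demo():
    """Constructed sample tree: a 1777 drop directory with a file, a symlink,
    an open subdirectory and a closed (0700) one with a child."""
    with tempfile.TemporaryDirectory() as top:
        os.chmod(top, 0o1777)
        open(os.path.join(top, "note.txt"), "w").close()
        for rel, mode in (("open", 0o755), ("closed", 0o700), ("closed/deeper", 0o755)):
            os.mkdir(os.path.join(top, rel))
            os.chmod(os.path.join(top, rel), mode)
        os.symlink(os.path.join(top, "open"), os.path.join(top, "link"))
        return special_bits(top), audit_dropdir(top)

if __name__ == "__main__":
    print(demo())
```

A subdirectory reported as foreign and not enterable by others is the inaccessible tree the message describes: the owner of the public directory can see that it exists but cannot list what is inside it.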