Re: AFS and changing local UIDs
Paul Nepywoda <nepywoda <at> fnal.gov>
2003-07-29 13:56:37 GMT
Basically I'm wondering if taking time to both change the UID AND chown
every file is worth the time (and it can sometimes take a long time).
It seems like Finder will eventually figure out that it can write to
AFS space, but would it figure this out faster if the UIDs matched?
Also, by not using a unix standard like access() are they really
cutting any corners?
Thanks for the quick reply.
On Tuesday, July 29, 2003, at 05:18 AM, Harald Barth wrote:
>> What exactly is the problem that makes it "suggested" to change UIDs?
>> Is it a
>> security issue or is it just an issue with the Finder's interaction
>> with AFS?
> Finder tries to be smart and uses the result of uid+permission bits
> instead of access(2) to figure out if it should display stuff. If you
> have a mismatch the finder's guess is wrong most of the time, if you
> have a match it is right most of the time. It would be better if the
> folks who did the finder would do the right thing instead trying to
> save time for one syscall.
> Others that can be confused by a mismatch are users. I don't think
> there are any security issues - AFS does not use the uid for any
> security related checks.