1.  Home
  2. MIDRANGE-L
  3. August 2011

RE: Strange behavior from unlink() Unix-type API

Hmm, I found this, which gives a nice run through of the object creation authority...

When creating a new IFS object the authority is inherited from the parent directory.
 The owner of the new object has the same object authority as the
parent directories owner
 The primary group of the new object has the same object authority
as the parent directories primary group.
 The public authority of the new object has the same object authority
at the parent directories public authority.
 Authorization list are inherited for the parent directory.

http://woevans.net/D2010%20IFS%20Security%20(document).pdf

No time to dig deeper, but hope it helps..

-Eric

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of James Lampert
Sent: Tuesday, August 16, 2011 11:35 AM
To: Midrange Systems Technical Discussion
Subject: Re: Strange behavior from unlink() Unix-type API

DeLong, Eric wrote:
James, did you ever read the link that I posted earlier? I suspect
you're still NOT checking the directories in the path that precede
your file object. EACH of the directories in your path MUST have at
minimum *X, the directory that contains your file must have *WX, and
the file object itself must all *OBJEXIST authority...

Uh, (1) the directories that always behaved properly were direct
sister-directories to the one that was malfunctioning, i.e., in the same
immediate parent directory, so path could not have been involved, and
(2) in the malfunctioning directory, the owners of all files created
after it began malfunctioning were explicitly locked out of object
authorities for their files, and (3) the malfunctioning directory had no
authority line at all for the owner, and as soon as I added one, it
started behaving properly.

The only question remaining is how the owner's authority line for the
malfunctioning directory disappeared in the first place, and why its
absence would cause everything created therein to be created with an
owner authority line explicitly locking out the owner's object authorities.

--
JHHL
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.