PERFORCE change 35437 for review

Robert Watson rwatson at
Sun Aug 3 21:26:27 GMT 2003

Change 35437 by rwatson at rwatson_paprika on 2003/08/03 14:25:56

	More notes on file permissions and UFS protections, to be
	fleshed out into text later.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#8 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#8 (text+ko) ====

@@ -1376,7 +1376,7 @@
 <sect4 id="secarch-ufsmode">
-  <title>UFS Mode Field</title>
+  <title>UFS Owner and Mode Fields</title>
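Review bot: the retitled sect4 now promises coverage of the owner fields, but the only change in this hunk is the title; consider adding a short description of the owner uid and gid fields (who may change them, and the relationship to the mode bits) under this heading so the title and body match.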
@@ -1392,20 +1392,35 @@
 generally implemented only at open() for files, per operation for
-	write
-	read
-	execute
+file, device, fifo
+	write		write/append file contents, truncate file, map writable
+	read		read file contents, map readable
+	execute		permission to execve()
 	apply to data of file; also user namespace extended attributes
 	system namespace extended attributes require suser
-	admin limited to owner, suser
+	admin limited to owner
+	additional protections may apply to device objects as implemented
+	by the device driver.
+	write		(connect)
+	read		unused
+	execute		unused
+	permissions have no effect on symlink operations
-	write
-	read
-	execute
+	write		(insert, delete)
+	read		(list)
+	execute		(lookup)
+	sticky bit	special protection for objects in directory
+			must be object owner or directory owner to
+			delete/replace entries in the directory,
+			regardless of permissions
 	apply to data of directory; also user namespace extended attributes
 	system namespace extended attributes require suser
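Review bot: the permission tables after the "file, device, fifo" heading are missing headings for the remaining object types, so "write (connect) / read unused / execute unused" reads as part of the file entry and "permissions have no effect on symlink operations" is left dangling under it; add a heading line before the "(connect)" block naming the object type it describes and a "directory" heading before "write (insert, delete)". Also, changing "admin limited to owner, suser" to "admin limited to owner" drops the statement that a privileged credential may also perform administrative operations (chmod, chown), while the neighbouring line still says system namespace extended attributes "require suser"; if the intent is that privilege still overrides, say so explicitly rather than removing it.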
@@ -1467,6 +1482,29 @@
 requested creation mode for the operation, and the protections on
 the parent directory (specifically, the default ACL).
+New UFS file system objects will be assigned the effective uid
+of the authorizing credential as their owner uid.
+New UFS file system objects will be assigned a group equal to the
+group of the directory in which the object is created.
+Setgid flag removed from new file system objects if the creating
+credential is not a member of the group.
+Processes requesting the creation of the file provide two elements
+used to calculate the new object's mode bits: an explicit creation
+mode argument to the call creating the object, and an implicit
+process umask, set by the umask() system call, which masks the
+creation mode.
+In addition, the setgid bit will not be included in the mode of
+a new object even if requested, if the object does not have a
+group that appears in the process credential effective or extended
+The sticky bit is only permitted for directory objects if the
+authorizing credential is not privileged.
 Note: composition of default ACL, umask, and cmode, are as defined
 in POSIX.1e; some other systems use alternative compositions.
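Review bot: the sentence ending "group that appears in the process credential effective or extended" is cut off (it needs something like "group set") and duplicates the earlier "Setgid flag removed from new file system objects if the creating credential is not a member of the group"; fold the two into one statement. "The sticky bit is only permitted for directory objects if the authorizing credential is not privileged" is ambiguous about which clause the condition attaches to; rewording it as "An unprivileged credential may set the sticky bit only on directory objects" states the visible rule unambiguously. The new lines also run together without paragraph breaks, so they will render as one block inside the existing <para> when fleshed out; separating the ownership, group, setgid and umask notes into their own paragraphs would make the later rewrite easier.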