AFS and changing local UIDs

Paul Nepywoda nepywoda at fnal.gov
Tue Jul 29 15:56:47 CEST 2003


Basically I'm wondering if taking time to both change the UID AND chown 
every file is worth the time (and it can sometimes take a long time). 
It seems like Finder will eventually figure out that it can write to 
AFS space, but would it figure this out faster if the UIDs matched?

Also, by not using a unix standard like access() are they really 
cutting any corners?

Thanks for the quick reply.
~~~Paul Nepywoda

On Tuesday, July 29, 2003, at 05:18 AM, Harald Barth wrote:

>
>> What exactly is the problem that makes it "suggested" to change UIDs? 
>> Is it a
>> security issue or is it just an issue with the Finder's interaction 
>> with AFS?
>
> Finder tries to be smart and uses the result of uid+permission bits
> instead of access(2) to figure out if it should display stuff. If you
> have a mismatch the finder's guess is wrong most of the time, if you
> have a match it is right most of the time. It would be better if the
> folks who did the finder would do the right thing instead trying to
> save time for one syscall.
>
> Others that can be confused by a mismatch are users. I don't think
> there are any security issues - AFS does not use the uid for any
> security related checks.
>
> Harald.






More information about the Arla-drinkers mailing list