So how would hard links be handled? Ignore the capability specified for
the file?
> I think it was a mistake to have permissions be part of the inode in the
> first place, but that's UNIX for you. A direntry-based approach is _so_
> much more flexible, and doesn't really have any downsides.
That was a conscious decision to ensure that the ownership, and mode
bits remained associated with a file no matter how the file is accessed (full
path, relative path, hard link, or inode number). It also meant that there was
only one place that might need to be updated if the permissions were
changed. If they were in directories then all directories containing a
link to the file would have to be updated (assuming you could find them
efficiently).
Since all accesses HAD to go through the inode, it forced the security
information to be united with the file, and could not be misplaced.
> (Having attributes in the direntry also makes it possible to much more
> efficiently scan directories for types of files without having to look up
> the inode information).
True, but a hard link would bypass whatever capabilities were assigned
to the file. Also, what happens on things like mv or cp. Since mv
only puts a name in the target directory with the inode number it
would appear that any capabilities assigned to the file would be lost.
Although cp should loose the capabilities, I would expect mv to preserve them.
-- ------------------------------------------------------------------------- Jesse I Pollard, II Email: pollard@navo.hpc.milAny opinions expressed are solely my own. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/