From: Adam Megacz Date: Thu, 31 May 2007 07:38:09 +0000 (+0000) Subject: none X-Git-Url: http://git.openafs.org/?p=openafs-wiki.git;a=commitdiff_plain;h=d1c05e23997a16b6f968d8c129289552736ec528 none --- diff --git a/AFSLore/UsageFAQ.mdwn b/AFSLore/UsageFAQ.mdwn index 3598f84..854aac0 100644 --- a/AFSLore/UsageFAQ.mdwn +++ b/AFSLore/UsageFAQ.mdwn @@ -29,6 +29,7 @@ The Usage Section of the [[AFSFrequentlyAskedQuestions]].
  • 2.19 What are the ~/.__afsXXXX files?
  • 2.20 How do you set up IP-based ACLs?
  • 2.21 What meaning do the owner, group, and mode bits have in AFS?
    • +
  • 2.22 What are "dropboxes"?
    • @@ -489,3 +490,11 @@ The following is believed to be a complete list of those circumstances. Below, " The sticky bit, group of a file, g+rwx, and o+rwx bits are completely ignored by all AFS components. Additionally, the u+rwx bits are ignored on directories. Newly created files and directories are given an owner numerically equal to the pts identity of the user who created the file or directory. Initial mode bits are assigned by the AFS cilent, typically based on the creating user's umask. + +### 2.22 What are "dropboxes"? + +When the ACL on a directory is set to "irl", this creates what is called a "dropbox". In theory, users should be able to deposit files in the directory, but not modify them once deposited. + +In practice, the "not modify them once deposited" part is not enforced by the fileserver; only the [[OpenAFS]] client enforces this restriction. Thus, you should not depend on this for security. + +Also, note that system:anyuser=irl has additional problems: because dropbox semantics are based on pts identities (see question 2.21), the fileserver cannot distinguish between two unauthenticated users. So, not only can a user come back days later and modify the "dropped" file, but **any** user can modify a file dropped by an unauthenticated user, at any time.