cvs commit: src/sys/kern vfs_syscalls.c
Matthew Dillon
dillon at crater.dragonflybsd.org
Thu Sep 29 14:01:10 PDT 2005
dillon 2005/09/29 13:59:30 PDT
DragonFly src repository
Modified files:
sys/kern vfs_syscalls.c
Log:
Implement sysctls to restrict a user's ability to hardlink files owned by
other users or groups. These sysctls are in addition to checks already made
(that the user must also be able to write to the file via user, group,
or world perms).
kern.hardlink_check_uid If set the user must own the file to
be able to create a hardlink, or be root.
kern.hardlink_check_gid If set the user must either own the file
or be a member of the same group as the
file, or be root.
Setting both flags is equivalent to just
setting the uid flag.
Taken from FreeBSD with slightly different semantics for hardlink_check_gid.
In DragonFly, if hardlink_check_gid is set, the file can still be hardlinked
if the user is not a member of the file's group if the user owns the file.
non-group membership is quite common due to group inheritance from the
parent directory when a file or directory is created by the user and
disallowing the case would make hardlink_check_gid non-useful.
Submitted-by: Matthias Schmidt <schmidtm at xxxxxxxxxxxxxxxxxxxxxxxxx>
Revision Changes Path
1.73 +54 -1 src/sys/kern/vfs_syscalls.c
http://www.dragonflybsd.org/cvsweb/src/sys/kern/vfs_syscalls.c.diff?r1=1.72&r2=1.73&f=u
More information about the Commits
mailing list