cvs commit: src/sys/kern vfs_syscalls.c

Matthew Dillon dillon at crater.dragonflybsd.org
Thu Sep 29 14:01:10 PDT 2005


dillon      2005/09/29 13:59:30 PDT

DragonFly src repository

  Modified files:
    sys/kern             vfs_syscalls.c 
  Log:
  Implement sysctls to restrict a user's ability to hardlink files owned by
  other users or groups.  These sysctls are in addition to checks already made
  (that the user must also be able to write to the file via user, group,
  or world perms).
  
  kern.hardlink_check_uid		If set the user must own the file to
  				be able to create a hardlink, or be root.
  
  kern.hardlink_check_gid		If set the user must either own the file
  				or be a member of the same group as the
  				file, or be root.
  
  				Setting both flags is equivalent to just
  				setting the uid flag.
  
  Taken from FreeBSD with slightly different semantics for hardlink_check_gid.
  In DragonFly, if hardlink_check_gid is set, the file can still be hardlinked
  if the user is not a member of the file's group if the user owns the file.
  non-group membership is quite common due to group inheritance from the
  parent directory when a file or directory is created by the user and
  disallowing the case would make hardlink_check_gid non-useful.
  
  Submitted-by: Matthias Schmidt <schmidtm at xxxxxxxxxxxxxxxxxxxxxxxxx>
  
  Revision  Changes    Path
  1.73      +54 -1     src/sys/kern/vfs_syscalls.c


http://www.dragonflybsd.org/cvsweb/src/sys/kern/vfs_syscalls.c.diff?r1=1.72&r2=1.73&f=u





More information about the Commits mailing list