MinorCtkrFs
From MinorFs Wiki
MinorCtkrFs is built around the caretaker pattern of revocable permissions. In MinorFs, access to an unattenuated MinorCapFs directory or file node implies access to a special control directory bound to this node. Each /mnt/minorfs/cap/$BASECAP directory in MinorCapFs corresponds to a control directory /mnt/minorfs/ctkr/cap/$BASECAP.
Within this control directory it is possible to create petnamed control nodes using the mknod command. On creation the control node will have its permissions mask set to either 0666 if $BASECAP designates a directory or 0600 if $BASECAP designates a file. Using the chmod command it is possible to revoke some of the defined access rights, but not to reinstate them. The petnamed control node is thus used to control attenuated access.
The attenuated access defined by the control node can be delegated. In order to get a sparse capability that gives attenuated access, the control node has an extended attribute 'caretaker' defined.
Where Unix users have gotten used to the bits of the access mask being tied to the owner, the group and the universe, these concepts have no meaning within MinorFs. MinorFs uses the 3 distinct sets of Unix rwx bits to mean:
- The node itself.
- Child directory nodes.
- Child file nodes.
Please note that the 'execute' bit is not supported by MinorCtkrFs. If you want to delegate a read-only version of a directory capability, setting the mask to 0444 would do the trick. For a file capability, 0400 would be the proper read-only mask. In this case write permissions are revoked prior to delegation. It is, however, also possible to revoke access rights some time after delegation.
The following list gives some useful masks and their interpretation for directories:
- 0400 : Permission to readdir the directory node.
- 0040 : Permission to readdir subdirectory nodes.
- 0004 : Permission to read files at any level.
- 0220 : Permission to create sub directories at all levels.
- 0020 : Permission to create sub directories at all but the top level.
- 0202 : Permission to create files at the top level and to change files at any level.
- 0022 : Permission to create files at all but the top level and to change files at any level.
Calling getxattr on /mnt/minorfs/ctkr/cap/$BASECAP/$PETNAME with the 'caretaker' argument will return a path in the form /mnt/minorfs/ctkr/$ATTENUATEDCAP. It is possible to further attenuate attenuated access. Fetching the 'ctkr' attribute from /mnt/minorfs/ctkr/$ATTENUATEDCAP will return the path /mnt/minorfs/ctkr/ctkr/$ATTENUATEDCAP, which is again a directory that can hold petnamed attenuation nodes.
To make the function of MinorCtkrFs more concrete, let's look at an example.
Alice:
- attr -g ctkr /mnt/minorfs/cap/7307c19505b6ffe0fa7ff5fcde51d81106d432e7
- /mnt/minorfs/ctkr/cap/41dd3e5742a08d2eac8aa28486102b31771b3933
- mknod /mnt/minorfs/ctkr/cap/41dd3e5742a08d2eac8aa28486102b31771b3933/ForBob c
- chmod 0446 /mnt/minorfs/ctkr/cap/41dd3e5742a08d2eac8aa28486102b31771b3933/ForBob
- attr -g caretaker /mnt/minorfs/ctkr/cap/41dd3e5742a08d2eac8aa28486102b31771b3933/ForBob
- /mnt/minorfs/ctkr/7307c19505b6ffe0fa7ff5fcde51d81106d432e7
- /mnt/minorfs/ctkr/7307c19505b6ffe0fa7ff5fcde51d81106d432e7 -> Bob
Bob:
- attr -g ctkr /mnt/minorfs/ctkr/7307c19505b6ffe0fa7ff5fcde51d81106d432e7
- /mnt/minorfs/ctkr/ctkr/7307c19505b6ffe0fa7ff5fcde51d81106d432e7
- mknod /mnt/minorfs/ctkr/ctkr/7307c19505b6ffe0fa7ff5fcde51d81106d432e7/ForCarol c
- chmod 0444 /mnt/minorfs/ctkr/ctkr/7307c19505b6ffe0fa7ff5fcde51d81106d432e7/ForCarol
- attr -g caretaker /mnt/minorfs/ctkr/ctkr/7307c19505b6ffe0fa7ff5fcde51d81106d432e7/ForCarol
- /mnt/minorfs/ctkr/2b410adcb9d7f3582b18d8d2b381fe9c1de59705
- /mnt/minorfs/ctkr/2b410adcb9d7f3582b18d8d2b381fe9c1de59705 -> Carol
In the example Alice starts off with full unattenuated access to a directory tree. Alice delegates read access to the whole tree and the permission to edit existing files to Bob. Bob takes this attenuated access and creates a further attenuation removing the permission to edit files, in order to delegate read-only access to the full tree to Carol. Please note that both Alice and Bob will be able to revoke any remaining access.
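A pre-flight check for the chmod step in the walkthrough above, added here as an example and not part of MinorFs: because revoked bits cannot be reinstated, it decodes a mask into the three MinorFs bit sets and refuses any change that is not a pure revocation. The function names are hypothetical, and it assumes that stat -c %a reports a control node's mask as its file mode.

```shell
#!/bin/sh
# Added example; these helper names are hypothetical, not MinorFs tools.

# mask_ok MASK: octal digits only, at most 0777, and no execute bits
# (MinorCtkrFs does not support 'x').
mask_ok() {
    case "$1" in ''|*[!0-7]*) return 1 ;; esac
    [ $(( 0$1 >> 9 )) -eq 0 ] && [ $(( 0$1 & 0111 )) -eq 0 ]
}

# is_revocation OLD NEW: true when NEW sets no bit that OLD lacks, i.e. the
# change only removes rights and never tries to reinstate one.
is_revocation() {
    mask_ok "$1" && mask_ok "$2" || return 1
    [ $(( 0$2 & ~0$1 )) -eq 0 ]
}

# describe_mask MASK: print the r/w rights per MinorFs bit set. First digit is
# the node itself, second is child directories, third is child files.
describe_mask() {
    mask_ok "$1" || return 1
    dm_out=""
    for dm_set in node:6 dirs:3 files:0; do
        dm_shift=${dm_set#*:}
        dm_bits=$(( (0$1 >> dm_shift) & 7 ))
        if [ $(( dm_bits & 4 )) -ne 0 ]; then dm_r=r; else dm_r=-; fi
        if [ $(( dm_bits & 2 )) -ne 0 ]; then dm_w=w; else dm_w=-; fi
        dm_out="$dm_out${dm_out:+ }${dm_set%%:*}=$dm_r$dm_w"
    done
    echo "$dm_out"
}

# ctkr_chmod NEW NODE: chmod a control node only if NEW is a pure revocation
# of its current mask, and show what is being given up before doing so.
# Assumption: stat(1) reports the control node's mask as its mode.
ctkr_chmod() {
    cc_old=$(stat -c %a "$2") || return 1
    if ! is_revocation "$cc_old" "$1"; then
        echo "refusing: $1 is not a pure revocation of $cc_old" >&2
        return 1
    fi
    echo "was: $(describe_mask "$cc_old")  now: $(describe_mask "$1")"
    chmod "$1" "$2"
}
```

For the masks in the walkthrough, describe_mask 0446 prints node=r- dirs=r- files=rw and describe_mask 0444 prints node=r- dirs=r- files=r-.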
