author | babkin <babkin@FreeBSD.org> | 2006-06-26 22:03:22 +0000 |
---|---|---|
committer | babkin <babkin@FreeBSD.org> | 2006-06-26 22:03:22 +0000 |
commit | f0555f2de979cc15b2f5899edf00461f6d7ead98 (patch) | |
tree | 5a888face21156af319d2eb75b377d99d44fcb7f /sys/conf | |
parent | d1da54538c97d4601d9177d8900bd5fe8f53cc00 (diff) | |
Backed out the change by request from rwatson.
PR: kern/14584
Diffstat (limited to 'sys/conf')
-rw-r--r-- | sys/conf/NOTES | 64 | ||||
-rw-r--r-- | sys/conf/options | 1 |
2 files changed, 0 insertions, 65 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index 79ecc5d..7d610bc 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -905,70 +905,6 @@ options QUOTA #enable disk quotas # options SUIDDIR -# The common user and group ID space for the local filesystems -# (see PR kern/14584), AKA "poor man's ACLs". -# -# From the systems administration standpoint ACLs are a pain to use: -# * they are not supported by the classic file formats like tar and cpio -# * they need lots of ugly flags to commands like chown or ls -# * they are just by themselves difficult to show in ls -# * they promote ad-hoc and messy assignment of permissions -# -# But in fact the classic Unix permissions seem to have only one real problem: -# sometimes it's neccessary to give read permissions to one group of -# users and read-write permissions to another group of users. But only -# one group is supported and that makes a problem. The common ID -# support solves this problem without breaking any compatibility. -# -# Controlled by the sysctl: -# vfs.commonid.local.enabled: Enable common UID/GID space for local filesystems -# vfs.commonid.local.low: Lowest common UID/GID value for local filesystems -# vfs.commonid.local.high: Highest common UID/GID value for local filesystems -# -# When enabled, the user and group ID space in the range [low, high] -# becomes common. That is, if there is an user with some ID in this range, -# there must not be a group with the same ID (except for a special case -# described later). Traditionally this kind of overlapping exists in the -# low values of system IDs, so the implementation won't allow to set the -# low border below 100. If it's set manually below 100, the first time -# an access check is done, the system will reset it to 100. -# -# The special case is that for the symbolic group and user names to work -# correctly, every time a user is created, a pseudo-group with the same -# ID and name must be created. And the other way around - every time -# a group is created, a pseudo-user with the same name and ID must be created. 
-# Otherwise command like "ls" won't show the user/group names correctly -# and command like "chown" won't understand the symbolic names correctly. -# -# The IDs in the common range can be used interchangeably in both the -# user and group fields of file permissions. For example, if you have -# groups group1 and group2 with IDs in the common range, you can do: -# chmod 240 file -# chown group1:group2 file -# This would allow the group1 to write to the file and group2 to read -# the file. -# -# This semantics works only for the access but not for modification of -# the permissions. In the example above the members of group1 aren't allowed -# to call chmod on the file. Such changes must be done either by root -# or through the pseudo-user group1. -# -# If it's desiable to give the "owner group" of some files (like group1 -# in this example) the rights to change the permissions of all the files -# it owns, it can be achieved through cloning the chmod binary and -# adding the pseudo-user setuid rights to it: -# cp /bin/chmod /usr/local/bin/group1chmod -# chown group1 /usr/local/bin/group1chmod -# chmod u=xs,g=,o= /usr/local/bin/group1chmod -# A similar thing can be done for chown. -# In result all the members of group1 would be able to execute group1chmod, -# which would assume the ID of pseudo-user "group1" and will be able -# to change the file permissions. -# -# This logic does not work on the remote filesystems (such as NFS). - -options COMMONID # Enable support for common UID/GID space - # NFS options: options NFS_MINATTRTIMO=3 # VREG attrib cache timeout in sec options NFS_MAXATTRTIMO=60 diff --git a/sys/conf/options b/sys/conf/options index 2aee2d4..19cca6f 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -163,7 +163,6 @@ VFS_AIO VERBOSE_SYSINIT opt_global.h WLCACHE opt_wavelan.h WLDEBUG opt_wavelan.h -COMMONID opt_commonid.h # POSIX kernel options P1003_1B_MQUEUE opt_posix.h |