File Write Permission Rules

Thu Feb 16 06:50:10 AEST 1989

In article <502 at maxim.ERBE.SE>, prc at maxim.ERBE.SE (Robert Claeson) writes:
> In article <306 at wubios.wustl.edu> david at wubios.wustl.edu (David J. Camp) writes:
> >My question is:  What is the (historical or otherwise) justification for
> >this rule?  It seems wrong.  I would have required write permission to
> >the file itself in order that it be removed.
...
> I think that what David meant is that it would make more sense to let
> all objects in the file system have its own attributes, instead of
> relying on the directory permissions for some things. And I agree --
> it certainly makes more sense to have a "delete" attribute on a file,
> which must be set in order for me to remove it. And I'd like to add
> an "append" attribute to the list.

How would this "delete" attribute affect files with multiple links?  No
acceptable meaning springs directly to mind.  It seems that there are two
possibilities:
	1) the "delete" attribute applies on every unlink operation.
	2) the "delete" attribute applies only on the "last" unlink operation.
Even if (2) is the accepted meaning, the "last" link to be severed may
not be the original link to the file.  So if I create a link in my home
directory to a file owned by another uid, I might not be able to delete
that link when I'm done with it.  I'd have to ask the owner to delete
a file in my directory.  And perhaps I don't have "search" permissions
turned on for that user in one or more of the link's parent directories.

I suppose another possiblity would be to associate some more information
with a link.  Perhaps a count of the links that already connect to the file
when the new link is created.  Then the delete permission would apply only
to the link whose "link-count" is zero.  I suppose that would work, but
it violates the principle that all links to a file are created equal.
Besides, where would you put this extra information.  (Of course this is
not a problem for symbolic links.)

The "append" attribute is interesting.  But how often do you really want
to allow a person to "append" to a file but not "write" to it.  Or the
opposite.  Would you let the file owner specify "write" permission, but
not "append"?  And would that prohibit, not just opening for "append", but
opening for "write" and then seeking to the end of file and writing?  Or
for that matter would it prohibit starting at the beginning of the file
and then writing past the end of the file?

As I said, I think the "append" attribute is an interesting idea.  I'm
just not sure how often I'd want to allow append permission and not
write permission (or vice versa).  As for the "delete" attribute, I
really don't think it's a good idea.
-- 
Breck Beatie	    				(408)748-8649
{uunet,ames!coherent}!aimt!breck  OR  breck at aimt.uu.net
"Sloppy as hell Little Father.  You've embarassed me no end."