Hi Ethan,
> On Tue, Jun 11, 2002 at 10:26:50AM +0200, Matteo Centonza wrote:
> > > user to decide whether another user's files get included in a backup.
> > > This is a decision for the owner or for the administator.
> > >
> >
> > that's quite draconian. I don't know attribute's guts much in details, but
> > maybe you can prevent a user from setting a kind of attribute
> > (using a reserved namespace).
>
> you misunderstand, you must have write permission to the file/dir to
> apply a user.* extended attribute, generally if you can write the
> file/dir you can rm -rf it, or cat /dev/random all over it, so adding
> a DONT_BACKUP attribute is the least of the problems.
>
> however what Ivan was talking about is quite different, say you have
> two people, joe and steve, joe is leading some project, project bar,
> and steve is also working on it, so they have something like:
>
> /home/joe/project-bar (owned by joe)
> /home/joe/project-bar/fubar (owned by steve)
>
> steve has all sorts of things under /home/joe/project-bar/fubar which
> he assumes is being backed up, because the responsible admin backs up
> /home regularly. however it turns out joe smokes a lot of crack on
> free time so does stupid things like marking /home/joe/project-bar
> as DONT_BACKUP, if xfsdump respects this then it will skip
> /home/joe/project-bar and everything under it, including all of
> steves's files in /home/joe/project-bar/fubar.
are you sure you have mastered all details?
Using a reserved namespace, means ``Hey, this is administrator things'',
so it's up to the administrator to set this kind of stuff, not to the
user. With this approach, you're on the safe side IMHO. BTW, if the
administrator smokes Crack then you're toast anyway ;)
> somewhat a contrived example, but i can think of many other cases
> where allowing this sort of thing could be a problem. even more so
> using the user.* attribute since you might have a top level dir
> writable by a group, and various group members have thier own
> directories under that which are not writable by the group, the group
> can prevent the group members files from being backed up.
>
> i think ext2/3 only allow the file owner to set chattr flags like
> nodump, so for directories assuming xfs wanted to support this (in the
> ext2 manner) would need to invent a new system.something namespace just
> for this, that involves kernel bloat.
As you stated above ext* already have a similar feature.
As last, are you sure the needed infrastructure it's still not present
here? (i've not yet found a paper describing the current implementation).
Ciao,
-m
|