At Fri, 12 Jul 2013 14:44:31 +0200,
Samuel Thibault wrote:
>
> Neal H. Walfield, on Fri 12 Jul 2013 13:52:17 +0200, wrote:
> > I apologize if you've already explained this someplace else.
> >
> > If I understand correctly, you want to get all the nodes with active
> > and passive translators. This potentially requires scanning every
> > inode on an ext3 file system. This could take a very long time. Is
> > that really the intention?
>
> No, just the active ones.

How do you do permission checking?

Here's a thought: Consider accessing a file foo/bar/file. If the user
specifies the full path, then she needs execute permission on the
containing directories. If the path is not known, then to find the
file, she also needs read permission on the containing directories.
That is, to 'ls foo', she needs read permission on foo, but
'cat foo/bar/file' only requires read permission on foo and bar.

Making a directory executable but not readable is a useful way to
grant permission by knowledge of a shared secret. If foo is not
readable, then a user can only access the contents of foo/bar if they
know that foo/bar exists. This is essentially a Swiss number in the
capability world.

It seems like the interface that you have created should require read
permission on the containing directories. This is okay, but then the
caller should be able to specify a root to start the search under.
This way, she can enumerate all active translators under foo/bar even
if she doesn't have read permission on foo.

Neal
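
The lookup-versus-enumeration distinction and the proposed search root, modelled in memory as an added example (not part of the original message and not Hurd code). `Node`, `resolve`, `active_translators` and the sample `TREE` are hypothetical and constructed for illustration.

```python
# Added example: in-memory model, not Hurd code. Node, resolve and
# active_translators are hypothetical names; TREE is constructed sample data.
from dataclasses import dataclass, field

R, X = 4, 1  # read and execute (search) bits as seen by the calling user

@dataclass
class Node:
    mode: int = R | X
    active: bool = False                           # has an active translator
    children: dict = field(default_factory=dict)   # non-empty for directories

def resolve(root, path):
    """Look up a known path: only search (x) permission on each directory."""
    node = root
    for name in filter(None, path.split("/")):
        if not node.mode & X:
            raise PermissionError(f"search permission denied before {name!r}")
        node = node.children[name]
    return node

def active_translators(root, start=""):
    """List active translators below `start`; enumeration needs r and x."""
    found = []
    def walk(node, path):
        if node.active:
            found.append(path)
        if node.mode & R and node.mode & X:   # otherwise the subtree is skipped
            for name, child in sorted(node.children.items()):
                walk(child, f"{path}/{name}".lstrip("/"))
    walk(resolve(root, start), start)
    return found

TREE = Node(children={
    "foo": Node(mode=X, children={              # searchable but not readable
        "bar": Node(children={"file": Node(), "mnt": Node(active=True)}),
    }),
    "pub": Node(children={"null": Node(active=True)}),
})

if __name__ == "__main__":
    print(active_translators(TREE))             # search from the top
    print(active_translators(TREE, "foo/bar"))  # search from a known root
```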