[cap-talk] OCap directory discussion (was: Waterken Server (was: A paper on web-keys))
Jed Donnelley
jed at nersc.gov
Fri Jan 25 20:36:26 EST 2008
On 1/25/2008 6:35 AM, John Carlson wrote:
> Jed, I think the discomfort with OCap directories may be:
>
> 1. What do I do if I lose my root directory? Is there some way to
> insure that I will never lose it? How do I insure that no one else
> gets access to my root directory? I think people are basically afraid
> of rm -rf /. I used to accidentally delete files all the time. I
> don't really delete files anymore.
>
> 2. Is there some way to insure that I can't delete a directory if
> there's something still in it?
>
> Obviously these problems are solvable.
No more "problems" I believe than in today's systems.
Some 3000 users used such an OCap directory for the
central storage system at LLNL for over 15 years and
so far as I know the above issues were never considered
significant.
As per #2, of course the server could have a policy of
not destroying a directory as long as it had content,
much like on systems today. I don't see any relevant
difference.
As per #1, you mention rm -rf which can be done today.
If by "lose" that is what you mean, of course recovery
from backups, etc. is possible. If by "lose" you
mean 'lose control of' in the sense of somebody or
some program getting access to your root directory
(i.e. the "loose capabilities" fear so oft discussed
on this list) and there wasn't a PDP mechanism
intervening (e.g. like Horton), then you can
destroy the old directory and create a new "root"
directory and then proceed to recover as above.
There can of course be no ultimate loss of control
as long as the physical resources remain under
control, so I think the most substantive issue
is how much work it is to keep effective "control".
I only have my past experience in production systems
to go on, and it wasn't an issue.
--Jed http://www.webstart.com/jed/
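To make the two mechanisms in the reply concrete (a server policy that refuses to destroy a non-empty directory, and recovery from a leaked root by moving its contents into a fresh root and destroying the old one so the leaked reference is dead), here is a small added model. It is example code written for this discussion, not code from the LLNL system or from any project mentioned on the list; the `Directory` class and `rotate_root` helper are hypothetical names chosen for illustration.

```python
"""Toy object-capability directory: the reference *is* the authority.

Hypothetical model, not any real system. A Directory object is unforgeable
in the sense that the only way to reach it is to hold a Python reference;
there is no global namespace to look it up by name.
"""


class Directory:
    """A directory whose entries are reachable only through this object."""

    def __init__(self):
        self._entries = {}
        self._alive = True

    def _check(self):
        # Once destroyed, every held reference to this object is useless.
        if not self._alive:
            raise PermissionError("capability revoked: directory destroyed")

    def put(self, name, obj):
        self._check()
        self._entries[name] = obj

    def get(self, name):
        self._check()
        return self._entries[name]

    def remove(self, name):
        self._check()
        return self._entries.pop(name)

    def names(self):
        self._check()
        return sorted(self._entries)

    def destroy(self):
        # Server policy from the discussion (#2): refuse to destroy a
        # directory that still has content, so an accidental "rm" of a
        # directory cannot silently take its subtree with it.
        self._check()
        if self._entries:
            raise ValueError("directory not empty; remove entries first")
        self._alive = False


def rotate_root(old_root):
    """Recovery step from the discussion (#1): a root reference may have
    leaked, so move everything into a brand-new root and destroy the old
    one. Whoever held the old reference now holds a dead capability."""
    new_root = Directory()
    for name in old_root.names():
        new_root.put(name, old_root.remove(name))
    old_root.destroy()  # now empty, so the policy allows it
    return new_root


def leaked_reference_is_dead(old_root):
    """Return True if the old root no longer grants any access."""
    try:
        old_root.names()
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample layout.
    root = Directory()
    root.put("docs", Directory())
    root.get("docs").put("notes.txt", "constructed file contents")

    leaked = root  # pretend this reference escaped to an untrusted program
    root = rotate_root(root)
    print("new root entries:", root.names())
    print("leaked root dead:", leaked_reference_is_dead(leaked))
```

The point the model makes is that control is never ultimately lost while the server (the physical resource) is under control: a compromised root is handled by re-rooting, not by trying to find and recall every copy of the leaked reference. The non-empty check is a policy in the server, not a property of capabilities themselves, exactly as the reply says.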