Re: Object attributes
Ben Laurie (ben@algroup.co.uk)
Wed, 12 Apr 2000 19:45:53 +0100

"Jonathan S. Shapiro" wrote:
>
> Okay. Here we are getting into something that I'm not clear I understand:
> Object Attributes. There are probably lots of other things I don't
> understand. :-)
>
> At a minimum, we need to know if an object is executable. I think it's safe
> to assume that if the user checks out a copy into a working tree, they can
> modify it. That means that any write protection is convenience rather than
> security. I'm not knocking convenience, but it's useful to know what's
> essential.

Umm. We use CVS to generate stuff that eventually ends up running live. It'd be nice if we could get ownership and permissions built into the CMS system, rather than making it happen externally. I understand that this will not always actually happen (e.g. if non-root checks out, then ownership is likely to end up wrong).

> We need to know type (or filter-set), per previous discussion.
>
> Do we need to preserve modification time?
>
> Problems I see:
>
> 1. Modification time is not uniformly reported. Different platforms track it
> in differing granularity, and I'm suspicious about reliably converting to
> UTC time on various platforms, particularly WinXX. If we need to track this,
> then the best solution I can see is to make a best effort, but check to
> ensure that mod times always increase, and that they don't appear to be in
> the future.

Bzzt! If you force an increase, one incorrect modification time screws you.

> 2. Permissions are not uniformly expressed. One note mentioned mode bits in
> connection with UNIX, but other platforms may use ACLs or something else
> entirely. EROS will use capabilities. Given cross-machine checkouts, it
> seems to me that we want to reduce this to something that has a "lowest
> common denominator" feel. I see a number of cases that I can see how to do
> compatibly across most platforms, and that seem to cover the main cases
> subject to the assumption that a user's working space is per-user.
>
> Object should be writable to user.
> Object should not be writable to user.
> Object should be executable.
>
> For executables, however, we need to go further. An executable is inherently
> machine-dependent. Yes, I know about Java. Statement stands, and Java falls
> into the cases above if you insist. For things that are inherently machine
> dependent I think we can and should record meta-information in
> machine-dependent form. Thus, I think that a checked-in copy of 'gcc' might
> reasonably record as metadata:
>
> platform=i386-linux
> unix.mode=0755
> unix.modtime=some-time
>
> Note that these attribute names explicitly qualify the platform. The whole
> object has no sensible interpretation on other platforms except as opaque
> binary bits, so I don't see a problem with doing this. Because of this,
> modtimes don't need to be recorded in a cross-platform way.

Might be nice to say:

general.mode=executable
unix.mode=0755

for example?

Don't agree that modtimes are a hard problem, even on Windoze. Seconds since 1/1/70 are pretty universal!

If you are really worried, you could make the protocol include a time check (to within a round trip time or two), and insist that it gets fixed if it fails. This would be a Good Thing in general.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
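
Added example, not part of the original message or of any project's code: one way a checkout could resolve the platform-qualified attributes discussed above, using `unix.mode` on a matching host and falling back to `general.mode` elsewhere. The `general.mode` vocabulary, the fallback bits, the host family names and the function names are assumptions made for this sketch.

```python
# Constructed sample metadata using the attribute names from the thread.
SAMPLE = "platform=i386-linux\ngeneral.mode=executable\nunix.mode=0755\n"

# Assumption: general.mode takes one of the three cases listed in the thread,
# and these are the unix bits used when no unix.mode was recorded.
UNIX_FALLBACK = {"writable": 0o644, "read-only": 0o444, "executable": 0o755}

def parse_attrs(text):
    """Parse key=value lines into a dict, rejecting malformed or repeated keys."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key or key in attrs:
            raise ValueError(f"bad attribute line: {line!r}")
        attrs[key] = value
    return attrs

def resolve_mode(attrs, host_family):
    """Return (attribute used, value) for a checkout on host_family.

    Platform-qualified keys are honoured only on the matching platform;
    everywhere else the object falls back to general.mode.
    """
    general = attrs.get("general.mode", "writable")
    if general not in UNIX_FALLBACK:
        raise ValueError(f"unknown general.mode: {general!r}")
    if host_family != "unix":
        return ("general.mode", general)      # unix.* is opaque here
    if "unix.mode" in attrs:
        bits = int(attrs["unix.mode"], 8)     # ValueError if not octal
        # Policy chosen for this example: keep only rwx bits, so a stored
        # mode cannot set setuid/setgid/sticky on checkout.
        return ("unix.mode", bits & 0o777)
    return ("general.mode", UNIX_FALLBACK[general])

if __name__ == "__main__":
    attrs = parse_attrs(SAMPLE)
    for host in ("unix", "win32"):
        print(host, resolve_mode(attrs, host))
```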