TFProtocol Secure Filesystem

Esteban Chacon Martin edited this page Aug 20, 2022 · 1 revision

The TFProtocol Secure Filesystem, from now on TFPSFS, is intended to provide a way to set permissions for a directory based on defined identities and their assigned permissions. It works as follows:

A directory that belongs to this domain contains three files: .securefs_metadata, .securefs_metadata.rd and .securefs_metadata.lck. With those three files present, the system guarantees that TFPSFS is in effect for the directory.

Commands that work with this domain carry a tag indicating their support. If a command is executed on a directory that does not contain those files, the command executes as usual. If a command that supports TFPSFS is executed on a directory that belongs to the domain (i.e. contains the three files), the command checks permissions as follows. It checks the identity set by the SETFSID command against the directory permissions. If the identity exists but does not have enough permissions, the command fails. If the identity does not exist and the -everybody else- identity exists for that directory, that identity is used; if the -everybody else- identity does not have enough permissions for the operation, the command fails. If neither the identity set by SETFSID nor the -everybody else- identity exists, the command fails. If a command that does not support TFPSFS is executed on a directory that belongs to TFPSFS, the command fails.

The security permission is a 32-bit unsigned integer: a bitwise OR mask of the following values:

Set identity and its permissions for the directory.

SECFS_SETPERM = 1

Using it requires that the process identity set by SETFSID has this permission for the directory, unless it is the first time SETFSPERM is called for the directory. Unlike other commands, if the identity set by SETFSID does not have it, the check does not fall through to the ‘everybody else’ identity.

Remove identity and its permissions for the directory.

SECFS_REMPERM = 2

Using it requires that the process identity set by SETFSID has this permission for the directory. Unlike other commands, if the identity set by SETFSID does not have it, the check does not fall through to the ‘everybody else’ identity.

Set Read permission for files in the directory.

SECFS_RFILE = 4

Set Write (Create, Truncate, etc.) permission for files in the directory.

SECFS_WFILE = 8

Set List permission for files in the directory.

SECFS_LDIR = 16

Set Remove Directory permission for directories in the directory.

SECFS_RMDIR = 32

Set Make Directory permission for directories in the directory.

SECFS_MKDIR = 64

Set Delete permission for files in the directory.

SECFS_DFILE = 128

Set STAT permission for files and directories in the directory.

SECFS_STAT = 256

Set File Updating Timestamps permission for files and directories in the directory.

SECFS_FDUPD = 512

Set UNIX permission changing for files and directories in the directory.

SECFS_UXPERM = 1024

Set List Directory Recursively permission for files and directories in the directory.

SECFS_LRDIR = 2048

Whenever this mask is used, for example in the SETFSPERM command, it must be converted to its base-10 string representation. In the future other permissions may be added to those listed above.

The -everybody else- identity is set by calling SETFSPERM with only the mask, leaving the identity part blank:

SETFSPERM :128 /path/to/dir.

It can be removed by calling REMFSPERM with the identity part left blank:

REMFSPERM ‘white-space here’ /path/to/dir

The -everybody else- identity, as stated before, provides a last-resort permission for a process. This requires that the directory has the -everybody else- identity set. It cannot be used for the SETFSPERM and REMFSPERM commands, even if those permissions are set for the -everybody else- identity.
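The following Python model is an added illustration of the rules described on this page (the permission-check order, the bitmask, and the -everybody else- fall-through with its SETFSPERM/REMFSPERM exception); it is not TFProtocol's own code. The constant values, file names and command names come from the page; the `SETFSPERM <identity>:<mask> <path>` layout is inferred from the page's `SETFSPERM :128 /path/to/dir` example, and the function and class names are assumptions made here.

```python
"""Model of the TFPSFS permission mask and the permission-resolution rules
described on this page (added illustration, not TFProtocol code)."""
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Permission bits exactly as listed on the page.
SECFS_SETPERM = 1
SECFS_REMPERM = 2
SECFS_RFILE = 4
SECFS_WFILE = 8
SECFS_LDIR = 16
SECFS_RMDIR = 32
SECFS_MKDIR = 64
SECFS_DFILE = 128
SECFS_STAT = 256
SECFS_FDUPD = 512
SECFS_UXPERM = 1024
SECFS_LRDIR = 2048

BIT_NAMES = {
    SECFS_SETPERM: "SECFS_SETPERM", SECFS_REMPERM: "SECFS_REMPERM",
    SECFS_RFILE: "SECFS_RFILE", SECFS_WFILE: "SECFS_WFILE",
    SECFS_LDIR: "SECFS_LDIR", SECFS_RMDIR: "SECFS_RMDIR",
    SECFS_MKDIR: "SECFS_MKDIR", SECFS_DFILE: "SECFS_DFILE",
    SECFS_STAT: "SECFS_STAT", SECFS_FDUPD: "SECFS_FDUPD",
    SECFS_UXPERM: "SECFS_UXPERM", SECFS_LRDIR: "SECFS_LRDIR",
}

EVERYBODY_ELSE = ""  # a blank identity part denotes the -everybody else- entry
NO_FALLTHROUGH = SECFS_SETPERM | SECFS_REMPERM  # never resolved via -everybody else-
MARKER_FILES = (".securefs_metadata", ".securefs_metadata.rd", ".securefs_metadata.lck")


def is_tfpsfs_dir(path: str) -> bool:
    """A directory belongs to the domain only if all three marker files exist."""
    return all(os.path.isfile(os.path.join(path, name)) for name in MARKER_FILES)


def mask_to_wire(mask: int) -> str:
    """Masks travel as their base-10 string; reject values outside 32-bit unsigned range."""
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("TFPSFS mask must be a 32-bit unsigned integer")
    return str(mask)


def describe_mask(mask: int) -> List[str]:
    """Names of the bits set in a mask, useful when auditing a directory's entries."""
    return [name for bit, name in BIT_NAMES.items() if mask & bit]


def setfsperm_command(identity: str, mask: int, path: str) -> str:
    """Build a SETFSPERM line. ASSUMPTION: the '<identity>:<mask> <path>' layout is
    inferred from the page's example; a blank identity addresses -everybody else-."""
    return f"SETFSPERM {identity}:{mask_to_wire(mask)} {path}"


@dataclass
class SecureDir:
    """In-memory stand-in for the permission table a secured directory stores."""
    perms: Dict[str, int] = field(default_factory=dict)  # identity -> mask

    def check(self, caller: str, needed: int) -> bool:
        """Resolution order from the page: the caller's own entry decides if present;
        otherwise fall through to -everybody else-, except for SETPERM/REMPERM.
        ASSUMPTION: a blank SETFSID identity is treated as having no own entry."""
        if caller and caller in self.perms:
            return self.perms[caller] & needed == needed
        if needed & NO_FALLTHROUGH:
            return False
        if EVERYBODY_ELSE in self.perms:
            return self.perms[EVERYBODY_ELSE] & needed == needed
        return False

    def set_perm(self, caller: str, identity: str, mask: int) -> bool:
        """SETFSPERM: the first call on a directory always succeeds; afterwards the
        caller needs SECFS_SETPERM in its own entry. Returns False when it fails."""
        if self.perms and not self.check(caller, SECFS_SETPERM):
            return False
        self.perms[identity] = mask
        return True

    def rem_perm(self, caller: str, identity: str) -> bool:
        """REMFSPERM: the caller needs SECFS_REMPERM in its own entry."""
        if not self.check(caller, SECFS_REMPERM):
            return False
        self.perms.pop(identity, None)
        return True


def authorize(secure: Optional[SecureDir], caller: str,
              supports_tfpsfs: bool, needed: int) -> bool:
    """Decision for one command: a directory without marker files (secure=None) behaves
    as always; on a secured one the command must support TFPSFS and pass check()."""
    if secure is None:
        return True
    if not supports_tfpsfs:
        return False
    return secure.check(caller, needed)


if __name__ == "__main__":
    d = SecureDir()
    d.set_perm("admin", "admin", SECFS_SETPERM | SECFS_REMPERM | SECFS_RFILE)  # first call
    d.set_perm("admin", EVERYBODY_ELSE, SECFS_RFILE | SECFS_STAT)
    print(setfsperm_command(EVERYBODY_ELSE, SECFS_RFILE | SECFS_STAT, "/path/to/dir"))
    print(describe_mask(d.perms[EVERYBODY_ELSE]), d.check("guest", SECFS_RFILE))
```

Note that `check` answers only the question the page defines: an identity with its own entry never borrows bits from -everybody else-, and SECFS_SETPERM / SECFS_REMPERM are never satisfied by the fall-through, matching the exceptions stated for SETFSPERM and REMFSPERM.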

A note of caution:

Be aware that TFProtocol can only enforce the security provided by TFPSFS in the Main Command Interface. The extended subsystems are not compelled to enforce it. If a subsystem is going to be used together with the TFPSFS feature, that subsystem's documentation must be read carefully.
