1 = Users = 2 3 Since filesystems such as ext2 employ the concepts of users and groups, and 4 since access to such filesystems might be expected to respect the recorded 5 user and group metadata, permitting or denying access to objects as 6 appropriate, the need arises to define a user identity to control access to a 7 filesystem server and the filesystem objects it exposes. 8 9 == Opener Configuration == 10 11 Consequently, a filesystem server may not provide direct access to a 12 filesystem. Instead, it may only expose the [[Components#Filesystems| 13 `Filesystem`]] interface which provides the `open_for_user` operation. This 14 operation is used to configure an [[Components#Openers|`Opener`]] that 15 provides the actual interface for filesystem access as performed by a 16 particular user. 17 18 Since the `open_for_user` operation involves the indication of an arbitrary 19 user identity, a server providing the `Filesystem` interface should only be 20 exposed to appropriately privileged components. An `Opener` obtained from the 21 operation can then be presented to a less privileged component. 22 23 == User Structure == 24 25 Ordinarily, user information is exchanged using a `user_t` structure defined 26 in [[Libraries#libsystypes|`libsystypes`]] with the following members: 27 28 || '''Member''' || '''Description''' || 29 || `uid` || User identifier || 30 || `gid` || Group identifier || 31 || `umask` || File mode creation mask || 32 33 The information broadly follows that of a traditional Unix system. Other 34 information, such as supplementary groups might conceivably be provided to the 35 filesystem server separately. Indeed, the user structure might be simplified, 36 removing the primary group information and providing this separately, too. 37 38 == Opener Configuration in Ned == 39 40 The following example illustrates the configuration of an opener and the 41 provision of the opener to a new task in the Lua-based scripting environment 42 of the Ned component in L4Re: 43 44 {{{ 45 -- Obtain user filesystems with umask 0022 (18). 46 47 local open_for_user = 6; 48 local ext2svr_paulb = L4.cast(L4.Proto.Factory, ext2svr):create(open_for_user, 1000, 1000, 18); 49 50 l:startv({ 51 caps = { 52 server = ext2svr_paulb, 53 }, 54 log = { "client", "g" }, 55 }, 56 -- program, file to create 57 "rom/dstest_file_client", "home/paulb/new file"); 58 }}} 59 60 Here, `ext2svr_paulb` is an opener configured for the user `paulb` who has 61 user and group identifiers of 1000. Since the Lua environment emphasises the 62 L4Re factory mechanism, and since factory operations involve the use of L4Re 63 variable-sized arguments ("vargs") as parameters, the signature of the factory 64 version of the operation consists of the individual elements of the user 65 abstraction: 66 67 {{{ 68 open_for_user(in ipc_varg_sys_uid_t uid, 69 in ipc_varg_sys_gid_t gid, 70 in ipc_varg_sys_mode_t umask, 71 out cap opener) 72 }}}