[tahoe-dev] Tahoe Access Control

David-Sarah Hopwood david-sarah at jacaranda.org
Sat Jun 4 15:40:34 PDT 2011


On 03/06/11 01:38, Greg Troxel wrote:
> Shawn Willden <shawn at willden.org> writes:
>> On Thu, Jun 2, 2011 at 4:48 PM, Greg Troxel <gdt at ir.bbn.com> wrote:
>>
>>> But when they look up a subdirectory in the
>>> directory, do they somehow get a readcap, or do they get the writecap?
>>
>> They get a readcap.
> 
> So with a writecap, a read operation returns the subdir writecap?
> Do directories have both, always?

Usually, but not always. If you specify a writecap when putting a
child in a (mutable) directory, then the directory will store both
the readcap and the writecap. The writecap will be encrypted
(independently of the encryption of the whole directory contents)
so that only holders of the parent directory writecap can access it.

If you specify a readcap when putting a child in a directory, then
the directory will store only the readcap, and the writecap "column"
will be blank. The child might actually be mutable and have a writecap,
but it will not be writeable via that directory.

It is also possible to put an unknown cap, i.e. one not recognised by
the version of Tahoe running the gateway, into a directory, provided
that it is prefixed with "ro." asserting that it is a readcap.

Immutable directories can only contain readcaps for immutable objects.

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
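
Added example, not part of the original message and not Tahoe-LAFS code: a toy model of the two-column directory rows described above, showing what a lookup yields with and without the parent write key. The cap strings (`mut-rw:`, `mut-ro:`, `imm:`), the `Directory` class and the HMAC-based sealing are all assumptions made for illustration; they do not reproduce Tahoe's real cap formats or cipher.

```python
import hashlib, hmac, os

# Constructed cap kinds for this model; these are not Tahoe's real cap syntax.
KNOWN_KINDS = {"mut-rw", "mut-ro", "imm"}

def _sub(key, label):
    """Derive separate encryption and MAC keys from the parent write key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, salt, data):
    """Toy HMAC-SHA256 counter-mode keystream, a stand-in for the real cipher."""
    blocks = (hmac.new(key, salt + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

class Directory:
    def __init__(self, write_key=None):
        self.write_key = write_key  # None models an immutable directory
        self.rows = {}              # name -> (readcap, sealed writecap or None)

    def put_child(self, name, cap):
        kind, _, ident = cap.partition(":")
        if kind not in KNOWN_KINDS:
            if not cap.startswith("ro."):
                raise ValueError("unknown cap must be prefixed with 'ro.'")
            kind = "unknown-ro"
        if self.write_key is None and kind != "imm":
            raise ValueError("immutable directory takes only immutable readcaps")
        readcap, sealed = cap, None
        if kind == "mut-rw":
            readcap = "mut-ro:" + ident  # toy attenuation, writecap -> readcap
            salt = os.urandom(16)
            ct = _xor_stream(_sub(self.write_key, b"enc"), salt, cap.encode())
            tag = hmac.new(_sub(self.write_key, b"mac"), salt + ct, hashlib.sha256).digest()
            sealed = (salt, ct, tag)
        self.rows[name] = (readcap, sealed)

    def lookup(self, name, write_key=None):
        """Return (readcap, writecap); writecap is None without the parent write key."""
        readcap, sealed = self.rows[name]
        if sealed is None or write_key is None:
            return readcap, None
        salt, ct, tag = sealed
        good = hmac.new(_sub(write_key, b"mac"), salt + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return readcap, None  # wrong key: the writecap column stays opaque
        return readcap, _xor_stream(_sub(write_key, b"enc"), salt, ct).decode()
```
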
