PWD gives getwd: couldn't open .. on world r-x root directories

Sun Nov 6 11:41:10 AEST 1988

>>It seems odd that the permissions of the mount point affect access to the
>>mounted file system.  Is this a bug or feature?
>This is a feature.  The permissions of the mount point determine the permission
>of the directory after the mount.  The permission on the raw disk only control
>access to that disk device as if it was a file.

The permission on the raw disk doesn't enter into it.  The most
straightforward model of file system behavior would say that the
permissions *on the root directory of the mounted file system* should be
the only ones that control whether you should be able to find ".." or not.

In fact, at least under SunOS 4.0 (and probably under other systems),
the permissions on the mount point only affect *certain* accesses.  If I
have a mount point of mode 0, and I mount another file system atop it
whose root directory has permissions "rwxrwxrwx", I have no problems
creating or removing directories in that root directory, regardless of
whether I'm "root" or not.  I just can't get at ".."

This appears to be because the code that special-cases ".." (this
special case has been there since V7, in order that references to ".."
in the root directory of a mounted file system work the same as
references to ".." elsewhere), when it notices that it will be searching
for "..", checks whether the directory being searched is the root of a
mounted file system; if so, it finds the mounted-on vnode, and searches
that for ".." instead.  This means that it checks the permissions of
that directory, instead of the permissions of the root directory of the
mounted file system.

(I am surprised, however, at the claim that VAX 4.3BSD exhibits this
behavior; the 4.3BSD "namei" appears to specifically *avoid* permissions
checks before searching a mount-point directory (that's what the label
"dirloop2" is for - you go to "dirloop" to check permisions before
continuing the search, and "dirloop2" to bypass the permissions check).
Perhaps the 4.3BSD system really was, say, 4.3BSD+NFS, complete with the
vnode changes, so it exhibits the same symptoms as SunOS?)

There are ways of fixing this problem in a vnode kernel if the
mounted-on file system is a local file system; you can tell that file
system to bypass permission checks if the vnode you're searching is a
".." vnode.  The VOP_LOOKUP operation has a "flags" parameter, and a
LOOKUP_PARENT flag could be added.

This would work for local file systems; if LOOKUP_PARENT were specified,
the code would just bypass the "do I have search permission" check. 
However, this won't necessarily work for, say, a remote file system,
because you have to convince the *server* that you really should be
allowed to search that directory because really, officer, I'm just
looking for "..", honest, trust me....  The server is quite likely not
to be amused by such a request. 

The current NFS protocol has no way of saying "just give me '..'".  The
last draft of the proposed NFS version 3 protocol has this option; the
"lookup" call has a "give me the parent of this directory" flag (stuck
in so that you don't hardcode the UNIX notion that ".." means "parent
directory" into the protocol), so it might be possible to use this with
NFS3. 

I don't know whether AT&T's RFS has a "give me the parent directory"
request, but if it does, a vnode implementation of RFS would use it when
the LOOKUP_PARENT was passed.