non-superuser chown(2)s considered harmful

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Mon Dec 10 12:37:36 AEST 1990


In article <1990Dec09.043647.25826 at iecc.cambridge.ma.us> johnl at iecc.cambridge.ma.us (John R. Levine) writes:
> Does anyone really do quota accounting by the UID of the file?  Consider
> the following scenario: User A creates a large file.  User B links to it.
> User A then deletes the original link.  If you charge by uid, user A is
> charged for the file even though she has no control over it any more, and
> might not even be able to see that it exists, depending on B's directory
> protections.

That's not an argument against normal quota accounting. It's an argument
for a user to have better control over files he owns. Somewhere in my
BSD-extensions list is a destroy(fd) system call to eliminate all
references to a given file other than the current descriptor. There's
also openfuid()/readfuid()/closefuid() to walk through all files owned
by a given user/group/ACL/everybody/whatever in inode order.

---Dan
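The scenario quoted above, replayed as an added example that is not part of the original post: link() and unlink() never change the inode's st_uid, so the file stays charged to its creator once the only remaining name sits in someone else's directory. Assumptions: one uid plays both "A" and "B" so it runs unprivileged, the scratch path under /tmp is constructed, and `names_owned_by()` and `replay_scenario()` are hypothetical helpers (a userland tree walk, not the proposed readfuid()).

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: count regular-file names under dir whose inode is owned by uid. */
int names_owned_by(const char *dir, uid_t uid)
{
    DIR *d = opendir(dir);
    struct dirent *e; struct stat sb;
    char p[4096];
    int n = 0;
    if (!d) return 0;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        snprintf(p, sizeof p, "%s/%s", dir, e->d_name);
        if (lstat(p, &sb)) continue;
        if (S_ISDIR(sb.st_mode)) n += names_owned_by(p, uid);
        else if (S_ISREG(sb.st_mode) && sb.st_uid == uid) {
            printf("ino=%lu nlink=%lu %s\n", (unsigned long)sb.st_ino, (unsigned long)sb.st_nlink, p);
            n++;
        }
    }
    closedir(d);
    return n;
}

/* Replays the scenario in a scratch directory. Returns 1 if, after the creator's
 * unlink, the inode is still owned by the creator but named only under b/. */
int replay_scenario(void)
{
    char root[] = "/tmp/quota-demo-XXXXXX", a[64], b[64], fa[80], fb[80];
    struct stat sb;
    if (!mkdtemp(root)) return -1;
    snprintf(a, sizeof a, "%s/a", root);   snprintf(b, sizeof b, "%s/b", root);
    snprintf(fa, sizeof fa, "%s/big", a);  snprintf(fb, sizeof fb, "%s/keep", b);
    if (mkdir(a, 0700) || mkdir(b, 0700)) return -1;
    int fd = open(fa, O_CREAT | O_WRONLY | O_EXCL, 0644);       /* "A" creates the file */
    if (fd < 0) return -1; else close(fd);
    if (link(fa, fb) || unlink(fa) || stat(fb, &sb)) return -1; /* "B" links, "A" deletes */
    int ok = sb.st_uid == getuid() && sb.st_nlink == 1 &&
             names_owned_by(a, getuid()) == 0 && names_owned_by(root, getuid()) == 1;
    unlink(fb); rmdir(a); rmdir(b); rmdir(root);                /* clean up scratch tree */
    return ok;
}
int main(void) { return replay_scenario() == 1 ? 0 : 1; }
```

On Linux, the fs.protected_hardlinks sysctl, when enabled, restricts the link() step to files the caller owns or can both read and write.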


