[OpenAFS] ACLs not working on afs volumes! Help!

[Derrick J Brashear]

On Thu, 19 Aug 2004, matt cocker wrote:

> The problem is that users can give themselves more priviledges than you set 
> if they own the mountpoint. We wanted to stop users adding mountpoints to 
> their homedirectories and removing the admin acl prevents this but the users 
> can just give themselves admin access and do it anyway.

So don't chown the mountpoint to the user.

> I guess we will just change the way we do things. We can make the unixhome 
> directory owned by the user but the mount point of the user volume can be 
> owned by nonuser.

Yup.