[OpenAFS] adding a group to a group?

Lars Schimmer schimmer@cg.cs.tu-bs.de
Tue, 08 Mar 2005 15:21:04 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

First, thx for that long explanation. It helps me a lot right here :-)

Dexter Kimball schrieb:
| Oops.
|
| Omit the comment about "no current support for groups within groups" for
| OpenAFS.  Had my Transarc hat on.  There is a compile-time argument for
| supergroups for OpenAFS.  My bad.  (My bad memory :)
|
| I'm not entirely sure why you want a group that contains all users and all
| IP groups, unless the distinction between "all users in this PT group" and
| "all users authenticated in my cell" is somehow critical to you -- which
| does happen if there are some users in your cell who do have accounts but
| who must be restricted from the "MyCell/system:authuser" groups.  If not,
| why maintain a "all users in my cell" group?  Perhaps I missed something
| earlier in the thread.

There was a misunderstanding on my side for system:authuser. So you helped me on
the right way.
On the note of the mail before, you wrote I have to set system:anyuser none on
every node of every volume.
But if there are no permissions for the system:anyuser users on the fresh
mounted volume (and nor on the "upper" mounts of that volume), do I also have to
set system:anyuser none to explicit forbid them?
E.G.: tree /a/b/c only for group bla permissions write. I mount /a/b/c/d with
group bla write permissions in it. Without setting system:anyuser none, members
of bla could set a link readable for system:anyuser?
And if i set fs setacl /a/b/c/d system:anyuser none, that setting by the members
of bla is prohibited?


| Kim

Thx so far
Lars
- --
- -----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109            E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCLbTQVguzrLh6DgMRAogAAJwI3ZE/jw3GpTzDajo8CZJeE0okjwCdGMST
okNq1veSWuAFRMCDY3N50rE=
=uRa2
-----END PGP SIGNATURE-----