[AFS3-std] Per-file ACLs - a few items for discussion

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 26 Jun 2009 13:55:33 -0400


Jeffrey Hutzelman wrote:
> Like it or not, it's what we must do.  Setting this bit is necessary
> to prevent older cache managers from determine file access by looking
> primarily at the user's (presumably cached) access rights on the
> containing directory.  The CM understands that some access is
> controlled by the UNIX u+rw bits on the file and by the AFS 'a' ACL
> bit on the file, but to get it to handle AFS access rights on a
> per-file basis, the VLF_DFSFILESET flag must be set.
I assume this flag is going to be triggered by upgrading the VLDB
servers to set it.  We can't guarantee that file servers and VLDB
servers will be updated at the same time.  It is frequently the case
that VLDB servers are upgraded long after the file servers are.   This
is an implementation detail we are going to have to pay attention to
from a documentation perspective if nothing else.

Jeffrey Altman