[AFS3-std] Per-file ACLs - a few items for discussion

Simon Wilkinson simon@sxw.org.uk
Sun, 28 Jun 2009 16:57:48 +0100


>
> Thinking about this a bit more.  It would be nice if in the future
> version of the AFSFetchStatus structure there was a flag that  
> indicated
> to a client whether or not the access rights specified on the  
> directory
> apply to all of the objects within the directory.   This would make  
> the
> client much more efficient in that case.

I did wonder if one way around this problem might be to define that a  
directory which contains
per-file ACLs has a directory ACL which conveys no permission at all.  
There could then be a separate 'default' ACL managed via the new RPCs.

A client which sets the first per-file ACL in the directory would  
clear the directory ACL, having first warned the user that doing so  
will result in legacy clients being unable to access files in that  
directory.

Thoughts?

S.