[AFS3-std] Re: Methods of Restricting AFS3 ACL rights
Adam Megacz
adam@megacz.com
Sat, 16 Jan 2010 05:10:21 +0000
Andrew Deason <adeason@sinenomine.net> writes:
> The explanation for the various methods now exists as an Internet
> Draft, and can be found here:
AFAIK, a volume is the unit of space management, while a directory is
the unit of access management. [*]
Solving the problem being discussed while retaining this distinction
would involve:
1. Allowing transitive ACLs. Semantically, a transitive positive
(negative) ACL has the same effect as if it were appended to the
list of positive (negative) ACLs of every subdirectory.
2. Allowing for complement principals. Semantically, an ACL
mentioning the complement of a pts group applies to all users who
are not in that group.
Then one can:
fs sa /afs/@cell/web/ !system:authuser a -negative -transitive
That said, this is a huge amount of work to implement, and maybe even
impossible to implement without creating incompatibilities.
So perhaps
a hack based on volume boundaries is the best compromise.
- a
[*] The only two exceptions I know of are the "implicit ACL"
http://www.dementia.org/twiki/bin/view/AFSLore/UsageFAQ#2_21_What_meaning_do_the_owner_g
and the fact that you can't revoke "l" permissions from the "parent
directory" of the root directory of a volume.