[AFS3-std] Re: Methods of Restricting AFS3 ACL rights (delegation
in AFS)
Adam Megacz
adam@megacz.com
Mon, 18 Jan 2010 00:44:01 +0000
Andrew Deason <adeason@sinenomine.net> writes:
>> Andrew Deason <adeason@sinenomine.net> writes:
>> >> AFAIK, a volume is the unit of space management, while a directory
>> >> is the unit of access management. [*]
>>
>> > Currently, yes, in a way you could say that. The difference here is
>> > that the described access controls are set by an administrator,
>>
>> Yes; frankly I think that any proposal to add new features which are
>> usable only by members of system:administrators ought to be subject to
>> extra scrutiny.
>
> The definition of 'administrator' is deliberately vague. We haven't yet
> determined whether or not the person changing the volume policy will be
> a member of system:administrators, an SUser, or some to-be-created list
> of users.
Good point. I should have phrased my comment in terms of "any single
site-wide list" rather than "system:administrators".
- a