[AFS3-std] Re: "l" permissions are not actually weaker than we're telling people

Derrick Brashear shadow@gmail.com
Mon, 18 Jan 2010 15:22:26 -0500


> documenting explicitly 'removing l doesn't remove all rights in
> descendants' is probably a good idea. I'm not aware of anywhere we
> suggest otherwise, but people tend to think that anyway. It's hard
> enough to get people not to trust ACLs in "parent" volumes because they
> don't realize volumes could be mounted from anywhere.

I don't feel that "ACLs are inherited at descendent-creation time" is
a security concern so much as
"you should knoq how this works"; In that sense, yes, if it's not
documented, it should be.