[OpenAFS-devel] feature idea...

[Nathan Neulinger]

Something I was thinking about recently after a slew of instances of
users granting rlidwka access to system:anyuser for their cgi
directories is a possible feature idea. (We provide tools for handling
the file write access issue to authorized individuals.)

What would folks think of a feature that would optionally prohibit non
system:administrators users from setting an acl on a directory beyond a
maximum configured on the server. i.e.

fileserver ... -anyuser_prohibit idwa -authuser_prohibit idwa ...

The above would prevent granting system:anyuser i, d, w or a rights on a
dir. Similar for any system:authuser group. 

The idea being that if in the strange case that a person really wants to
grant that level of access, they can get an admin to do it, otherwise
the action is blocked to protect the users. Seems like this would be a
relatively easy feature to implement. 

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216