[OpenAFS-devel] feature idea...
Nathan Neulinger
nneul@umr.edu
08 May 2003 18:41:36 -0500
Something I was thinking about recently after a slew of instances of
users granting rlidwka access to system:anyuser for their cgi
directories is a possible feature idea. (We provide tools for handling
the file write access issue to authorized individuals.)
What would folks think of a feature that would optionally prohibit non
system:administrators users from setting an acl on a directory beyond a
maximum configured on the server. i.e.
fileserver ... -anyuser_prohibit idwa -authuser_prohibit idwa ...
The above would prevent granting system:anyuser i, d, w or a rights on a
dir. Similar for any system:authuser group.
The idea being that if in the strange case that a person really wants to
grant that level of access, they can get an admin to do it, otherwise
the action is blocked to protect the users. Seems like this would be a
relatively easy feature to implement.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216