[OpenAFS-devel] Re: Alternative to PAGs

Russ Allbery rra@stanford.edu
Thu, 15 May 2003 17:46:48 -0700


Garance A Drosihn <drosih@rpi.edu> writes:

> What AFS does not want is for a single process to be drosehn@rpi.edu and
> linus@rpi.edu at the exact same time.  That is to avoid the question of
> what open() should do on a file which is permitted:

>      drosehn rlidwka
>      linus   none

An even better example without an obvious answer (which in this case is
that the open should be allowed, since that ACL says that drosehn should
be able to open the file and says nothing about linus) would be if linus
had negative rights (in other words, if the ACL actively asserted that
linus should *not* be able to open the file regardless of the other ACLs).

AFS supports the notion of negative rights primarily in combination with
groups, so you can have a situation like:

    Normal rights:
        organization:itss rlidwka

    Negative rights:
        rra rlidwka

where rra is a member of organization:itss.  rra will be denied access to
that directory despite the fact that his membership in organization:itss
would normally give him full rights.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>