[OpenAFS-devel] Re: Alternative to PAGs
Russ Allbery
rra@stanford.edu
Thu, 15 May 2003 17:46:48 -0700
Garance A Drosihn <drosih@rpi.edu> writes:
> What AFS does not want is for a single process to be drosehn@rpi.edu and
> linus@rpi.edu at the exact same time. That is to avoid the question of
> what open() should do on a file which is permitted:
> drosehn rlidwka
> linus none
An even better example without an obvious answer (which in this case is
that the open should be allowed, since that ACL says that drosehn should
be able to open the file and says nothing about linus) would be if linus
had negative rights (in other words, if the ACL actively asserted that
linus should *not* be able to open the file regardless of the other ACLs).
AFS supports the notion of negative rights primarily in combination with
groups, so you can have a situation like:
Normal rights:
organization:itss rlidwka
Negative rights:
rra rlidwka
where rra is a member of organization:itss. rra will be denied access to
that directory despite the fact that his membership in organization:itss
would normally give him full rights.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>