[OpenAFS-devel] Re: [PATCH] PAG support, try #2

Ingo Oeser ingo.oeser@informatik.tu-chemnitz.de
Thu, 15 May 2003 13:18:25 +0200


On Wed, May 14, 2003 at 06:37:00PM +0100, David Howells wrote:
> And then you have to have some method of prioritisation. You may find that
> user dhowells has a token for (fs=AFS,cell=redhat.com) and group engineering
> has a token for (fs=AFS,cell=redhat.com). Which do you use?

Union of both. And remember to subtract negative ACLs from
positive ACLs. Prioritize users over groups in case of explicit
mention.

This is standard permission checking.

Hmm, sounds too simple, so it must be wrong ;-)

Regards

Ingo Oeser