[OpenAFS-devel] Re: [PATCH] PAG support, try #2

[Trond Myklebust]

>>>>> " " == Ingo Oeser <ingo.oeser@informatik.tu-chemnitz.de> writes:

     > On Wed, May 14, 2003 at 06:37:00PM +0100, David Howells wrote:
    >> And then you have to have some method of prioritisation. You
    >> may find that user dhowells has a token for
    >> (fs=AFS,cell=redhat.com) and group engineering has a token for
    >> (fs=AFS,cell=redhat.com). Which do you use?

     > Union of both. And remember to subtract negative ACLs from
     > positive ACLs. Prioritize users over groups in case of explicit
     > mention.

     > This is standard permission checking.

     > Hmm, sounds too simple, so it must be wrong ;-)

Quite. Now that you've done the math, please explain how this should
be implemented efficiently. These are *networked* filesystems...

Cheers,
  Trond