[OpenAFS-devel] Implied administrative rights

Steve Brown sbrown7@umbc.edu
Tue, 7 Feb 2006 10:00:09 -0500 (EST)


Hi All,
	One of our more clueful users here pointed out that there seems to
be an error in the AFS documentation about whether or not the UNIX owner
of a directory really has implied administrative rights.  The comment
about this appears in the fs setacl docs:

Privilege Required

The issuer must have the a (administer) permission on the directory's ACL;
the directory's owner and the members of the system:administrators group
have the right implicitly, even if it does not appear on the ACL.

	So I investigated:

linux3[3]% mkdir test
linux3[4]% fs la test
Access list for test is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  sbrown7 rlidwka
linux3[5]% ls -al test
total 4
drwx------    2 sbrown7  rpc          2048 Feb  7 09:44 .
drwxr-xr-x    6 sbrown7  games        2048 Jan 17 13:15 ..
linux3[6]% fs sa test sbrown7 none
linux3[7]% fs la test
Access list for test is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
linux3[8]% fs sa test sbrown7 all
fs: You don't have the required access rights on 'test'

	Yep.  Not sure if this is an intended change that didn't get
documented, or if it is something that crept in a while back.

	Most (all?) of the servers are running 1.4.0, and this client is
1.3.85.

Steve Brown
sbrown7@umbc.edu
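
An added example, not part of the original post: a small Python parser for the `fs la` output format shown in the transcript that reports whether a user is named on the ACL with the a (administer) right, the condition that changed between the two listings. The function names are this example's own, the `Negative rights:` section that `fs la` can also print is handled, and group memberships are not resolved.

```python
"""Report whether a user holds the AFS 'a' (administer) right by name on an ACL."""

# The two `fs la test` listings from the post: before and after `fs sa test sbrown7 none`.
BEFORE = """\
Access list for test is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  sbrown7 rlidwka
"""
AFTER = """\
Access list for test is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
"""


def parse_acl(text):
    """Parse `fs listacl` output into {'normal': {name: rights}, 'negative': {...}}."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Normal rights:":
            section = "normal"
        elif stripped == "Negative rights:":
            section = "negative"
        elif section and line[:1].isspace():
            parts = stripped.split()
            if len(parts) == 2:          # "<user-or-group> <rights letters>"
                acl[section][parts[0]] = set(parts[1])
    return acl


def explicit_rights(acl, user):
    """Rights granted to `user` by name, minus any negative entry for that name.
    Entries for groups the user belongs to are not considered."""
    return acl["normal"].get(user, set()) - acl["negative"].get(user, set())


def can_administer_explicitly(text, user):
    return "a" in explicit_rights(parse_acl(text), user)


if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, can_administer_explicitly(listing, "sbrown7"))
```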