Site Specific ACL Bits/chown: Was: [OpenAFS-devel] posix chown again

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 08 Dec 2008 19:12:33 -0500


--On Monday, December 08, 2008 06:36:32 PM -0500 Derrick Brashear 
<shadow@gmail.com> wrote:

> At risk of receiving a roasting myself, I will say that I have grave
> concerns at loading the gun that will enable sites, even ones who may in
> fact know what they are doing, to shoot themselves in the foot. You always
> do have the option of applying a patch, and it may make sense to make the
> build framework we provide able to do that. That doesn't mean every patch
> should be included.
>
> In any case, my concerns here include what happens if all servers are not
> running the same version, and when a user uses sites which differently
> bind ACL bits. I'd rather see a capability, a new RPC which binds a
> current ACL bit to a purpose, and, minimum, changes to fs which disallow
> setting ABCDEFGH and instead make you tell it something like "chown"
> where you'd want this bit set much like "lookup" means "l".

"lookup" doesn't mean "l".
"lookup" means "fs: illegal rights character 'o'"

In any case, I get the idea, and was thinking along similar lines.  But 
it's way more complexity (and will take longer to do) than this patch 
needs, and I have no idea what a reasonable interface for 'fs sa' would 
look like when ACL bits can have multi-character names.  Bear in mind that 
there are many, many things which create and process ACL text, and that the 
textual representation of ACLs is part of the protocol, so we're probably 
talking about adding new interfaces rather than changing existing ones.

-- Jeff