[OpenAFS-devel] posix chown again

Michael Meffie mmeffie@sinenomine.net
Tue, 28 Oct 2008 09:57:46 -0400 

Simon Wilkinson wrote:
> 
> On 27 Oct 2008, at 15:15, Michael Meffie wrote:
>> Jeffrey Hutzelman wrote:
>>> --On Monday, October 20, 2008 09:51:15 AM -0400 Michael Meffie 
>>> <mmeffie@sinenomine.net> wrote:
>>>> Since the C acl is documented as having no default meaning,
>>>> this is conditionally compiled into the fileserver with
>>>> the --enable-posix-chown option (disabled by default).
>>> As discussed at the recent hackathon, the bit to be used should be 
>>> determined at configure time, rather than being hard coded.  This 
>>> allows sites that wish to use this feature to map it onto an ACL bit 
>>> they are not already using.  Thus, one would have to configure with 
>>> an option like --enable-posix-chown=C (with legal values being 
>>> [ABCDEFGH] and "no", and maybe even 'a' or 'w', but not "yes").
>>
>> The attached patch includes the code to set which ACL bit is to
>> be used. The configure switch has been changed to 
>> --enable-permit-chown-acl
>> which can be used to specify which ACL bit is used and defaults
>> to disabled.
> 
> Please, please, please don't make this configurable. From a user 
> experience point of view it's horrific. Having the ACL bit which 
> controls this behaviour differ between cells (and even between 
> fileservers) will confuse any user who moves between sites, or even who 
> reads a different site's documentation when trying to come to grips with 
> AFS. It spectacularly violates the principle of least surprise.

All good points. I've found even testing of this patch to be
interesting, something which we probably want to avoid for
a security sensitive change.


> We should either pick a bit, and make it globally consistent (and 
> reserved on those fileservers which don't enable the behaviour), or 
> defer this feature until we have more ACL bits to play with.

What would the process be to pick a bit? Derrick originally suggested
'C', which seems to be a fine choice and easy to remember.

How could we have more ACL bits to play with? Does that entail
an on disk format change?

Mike --