[OpenAFS-devel] Re: Methods of Restricting AFS3 ACL rights

[Adam Megacz]

Derek Atkins <warlord@MIT.EDU> writes:
> I don't think it would be possible to have a transitive acl across a
> mountpoint boundary, because a volume can be mounted in multiple
> locations.

Agreed; I should have mentioned that.

I keep a set of notes on what I would do differently if AFS were
completely rebuilt from scratch without any backward-compatibility
concerns.  If each volume had some sort of secret access key (retrieved
by the CM via its mountpoint in some other volume) it would be possible
to control who is allowed to create a mountpoint pointing *to* a
particular volume.  But the means to do so goes way outside the existing
AFS infrastructure.

  - a