[OpenAFS-devel] Re: Methods of Restricting AFS3 ACL rights (delegation in AFS)

Adam Megacz adam@megacz.com
Sun, 17 Jan 2010 21:51:33 +0000


Andrew Deason <adeason@sinenomine.net> writes:
>> AFAIK, a volume is the unit of space management, while a directory is
>> the unit of access management. [*]

> Currently, yes, in a way you could say that. The difference here is that
> the described access controls are set by an administrator,

Yes; frankly I think that any proposal to add new features which are
usable only by members of system:administrators ought to be subject to
extra scrutiny.

The worldview of "administrators and users" is a bit limiting; in real
life there are a lot of roles on the spectrum in between.  Supporting
this workstyle (by letting non-superusers create pts groups, manipulate
ACLs, etc.) has always been one of AFS's great strengths.  It would be a
shame to erode it.

  - a