[OpenAFS-devel] Re: Methods of Restricting AFS3 ACL rights (delegation in AFS)
Adam Megacz
adam@megacz.com
Sun, 17 Jan 2010 21:51:33 +0000
Andrew Deason <adeason@sinenomine.net> writes:
>> AFAIK, a volume is the unit of space management, while a directory is
>> the unit of access management. [*]
> Currently, yes, in a way you could say that. The difference here is that
> the described access controls are set by an administrator,
Yes; frankly I think that any proposal to add new features which are
usable only by members of system:administrators ought to be subject to
extra scrutiny.
The worldview of "administrators and users" is a bit limiting; in real
life there are a lot of roles on the spectrum in-between. Supporting
this workstyle (by letting non-superusers create pts groups, manipulate
ACLs, etc) has always been one of AFS's great strengths. It would be a
shame to erode it.
- a