[OpenAFS-devel] Re: Methods of Restricting AFS3 ACL rights (delegation in AFS)
Andrew Deason
adeason@sinenomine.net
Sun, 17 Jan 2010 18:06:18 -0600
On Sun, 17 Jan 2010 21:51:33 +0000
Adam Megacz <adam@megacz.com> wrote:
>
> Andrew Deason <adeason@sinenomine.net> writes:
> >> AFAIK, a volume is the unit of space management, while a directory
> >> is the unit of access management. [*]
>
> > Currently, yes, in a way you could say that. The difference here is
> > that the described access controls are set by an administrator,
>
> Yes; frankly I think that any proposal to add new features which are
> usable only by members of system:administrators ought to be subject to
> extra scrutiny.
The definition of 'administrator' is deliberately vague. We haven't yet
determined whether or not the person changing the volume policy will be
a member of system:administrators, an SUser, or some to-be-created list
of users. But for the example of a user's home directory or public web
space, it's certainly going to be someone more on the administrator side
than the user themselves.
--
Andrew Deason
adeason@sinenomine.net