[OpenAFS] Implied 'a' rights?
Jeffrey Hutzelman
Jeffrey Hutzelman <jhutz@cmu.edu>
Thu, 26 Jul 2001 17:27:12 -0400 (EDT)
On 26 Jul 2001, Patrick J. LoPresti wrote:
> "Neulinger, Nathan" <nneul@umr.edu> writes:
>
> > > In my ideal world, having 'a' rights on a directory would
> > > automatically imply 'a' rights to every directory within. That would
> > > allow us to dish out administrative control from any point in AFS
> > > space all the way down.
> >
> > It does, but for obvious reasons, it doesn't cross mount points. (It
> > doesn't actually grant the A right, but you can certainly grant it
> > yourself.)
>
> Forgive me, but I do not see how that is obvious. Even if a volume is
> mounted in multiple places, the ".." entry in that volume refers to
> *something*; you could allow 'a' rights on that something to imply 'a'
> rights on the volume.
What you're missing is that the fileserver treats each volume
independently. It doesn't know anything about mount points -- traversal
of mount points is handled entirely by the clients. In the volume as it
lives on disk (and over the wire), the '..' entry in a volume root refers
back to the volume root, just as it would in a UNIX filesystem. The
handling of '..' in volume roots is done by the client (as, for that
matter, all directory following).
FWIW, there are three cases where someone gets implicit 'a' rights:
- the owner of a directory gets implicit 'a' rights on that directory
- the owner of a volume (same as the owner of its root directory)
gets implicit 'a' rights on every directory in that volume.
- members of system:administrators get implicit 'a' rights on every
directory in every volume
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA