[OpenAFS] anon FTP upload directory ACL

Derek Atkins warlord@MIT.EDU
01 Jun 2002 22:15:36 -0400

>From a security standpoint I think it's a good idea to have this
functionality.  I'd like to see it in OpenAFS.


Garry Zacheiss <zacheiss@MIT.EDU> writes:

> >> > ISTR there were two ways of doing implicit-admin.  One was by directory
> >> > ownership, the other was volume ownership.  I thought in the end it was
> >> > by-volume, but perhaps that was just an MIT Security patch that was
> >> > never accepted back into the mainline (and yes, IMHO is it a security
> >> > bug that you mkdir foo and then control the acl on foo).
> >>
> >> I'm definitely inclined to agree with you; I can't ever remember wanting
> >> the current behavior as opposed to just watching out for it.  Maybe that
> >> patch should go into OpenAFS.
>    The patch Derek refers to is definitely an MIT-local patch that was
> never accepted back by Transarc.  If there's interest in it, I can
> happily commit it to the OpenAFS mainline, although I wouldn't expect it
> to appear in a stable release until 1.4.x.
> Garry
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available