[OpenAFS] ACLs not working on afs volumes! Help!

matt cocker matt@cs.auckland.ac.nz
Thu, 19 Aug 2004 11:35:59 +1200


> Well, sometimes users do not understand ACLs and accidentally remove 
> themselves from their own directory.  Its nice to not have to have an 
> admin fix it.

The problem is that users can give themselves more priviledges than you 
set if they own the mountpoint. We wanted to stop users adding 
mountpoints to their homedirectories and removing the admin acl prevents 
this but the users can just give themselves admin access and do it anyway.

I guess we will just change the way we do things. We can make the 
unixhome directory owned by the user but the mount point of the user 
volume can be owned by nonuser.

Cheers

Matt