[OpenAFS] 2 simple questions

Klaas Hagemann kerberos@northsailor.de
Wed, 16 Nov 2005 14:53:58 +0100

Hi Dirk,

>1) For users home directories in AFS, is it save to remove 
>system:administrators from the ACLs (the users have rlidwka on their 
there is no problem removing system:administrators from acls, this can 
be added from members of system:administrators again with no problems. 
Afaik it is not possible to lock out administrators.

>2) I currently have /afs and /afs/<mydomain> owned by root:root, but 
>i.e. /afs/<mydomain>/data is owned by afsadm:afs (150:150), afsadm being a 
>member of system:administrators. Is it ok to have /afs (the volume, not the 
>mount point) and /afs/<mydomain> be owned by afsadm:afs?
I do not see any problems regarding the ownership of these directories, 
acl's are the important point.

Hopy, i could help.

>	Dirk