[OpenAFS] 2 simple questions

Russ Allbery rra@stanford.edu
Wed, 16 Nov 2005 10:25:50 -0800

Klaas Hagemann <kerberos@northsailor.de> writes:
> Hi Dirk,

>> 2) I currently have /afs and /afs/<mydomain> owned by root:root, but
>> i.e. /afs/<mydomain>/data is owned by afsadm:afs (150:150), afsadm being
>> a member of system:administrators. Is it ok to have /afs (the volume,
>> not the mount point) and /afs/<mydomain> be owned by afsadm:afs?

> I do not see any problems regarding the ownership of these directories, 
> acl's are the important point.

Be aware that if afsadm owns the top level directory of those volumes,
afsadm will be able to change the ACLs in those volumes regardless of
ACLs.  Since it's a member of system:administrators anyway, that shouldn't
be a problem, but it's something to keep in mind.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>