[OpenAFS] Implicit privilege to do "fs setacl" in a directory
Frederic Gilbert
Frederic.Gilbert@inria.fr
Tue, 23 Jan 2007 17:49:05 +0100
Hi,

From our AFS experience since Transarc, and from the documentation,
we believed that, to apply "fs setacl" on a directory:

    Issuer must have ADMINISTER rights to the directory; the
    directory's owner and members of system:administrators
    always do.

Recently, with 1.4.1 servers and 1.4.2 clients, one of our users has not
been able to do a "fs sa" on a directory, while he was the directory's
owner, but was not in the ACL table. Further tests confirmed that being
the directory's owner does not give (any more?) the "fs sa" privilege on
the directory.

On the other hand, we found out that one can apply "fs sa" on a
directory, even if he is not in the ACL table, and even if he is not the
directory's owner, but if he is the owner of the mounting point of the
volume where the directory resides.

Is it a feature change that we have missed?

Best regards,

Frederic Gilbert.