[OpenAFS] Implicit privilege to do "fs setacl" in a directory

Derrick J Brashear shadow@dementia.org
Wed, 24 Jan 2007 11:32:30 -0500 (EST)


On Wed, 24 Jan 2007, Frederic Gilbert wrote:

> Derrick J Brashear wrote:
>>> On the other hand, we found out that one can apply "fs sa" on a
>>> directory, even if he is not in the ACL table, and even if he is not the
>>> directory's owner, but if he is the owner of the mounting point of the
>>> volume where the directory resides.
>> 
>> The latter behavior was always true. The change to the former is new in 
>> 1.4; I don't remember the rationale, but it was discussed on the list.
>
> Thank you for your answer.
> I tried to look for the discussion on -info and -devel with some obvious 
> keywords, but did not find it (I will try my luck again later).
> However, unless I missed something again, the files documenting "fs setacl" 
> in openafs-1.4.{1,2}-doc.tar.gz always speak only about the directory's owner 
> (the three lines in my original post), which is confusing.
>

I'm not arguing your point. We should fix one or the other, though I'm 
not sure which. I will try to find the discussion.