[OpenAFS] fs setacl and permissions

Juha Jäykkä juolja@utu.fi
Thu, 25 Jan 2007 16:17:37 +0200

All the documentation I've encountered insists that the directory owner
has implicit "a" permission to the directory. I know this no longer
applies (as of 1.4.something, where something <= 2, since 2 is what we
use). While this probably should be reflected in the documentation, it
makes me wonder...

How are the ACLs supposed to be managed now? Just giving the user
ownership (with chown) no longer suffices. Also, giving the user "all"
permission to a directory does *not* seem to allow the user to change the
ACLs of the directory's subdirectories. I.e. the following does not work:

as a member of system:administrators, do

mkdir /afs/cell/dir
mkdir /afs/cell/dir/dir2
fs setacl /afs/cell/dir user all

as user, do

fs setacl /afs/cell/dir/dir2 anyone anything

to get

fs: You don't have the required access rights on ...

Is there now no way of transferring a directory tree from user1 to user2
without the administrator manually (or with find /tree -type d -exec ...)
changing the permissions of all the directories in the tree?

In previous versions there were two ways of doing this: either user1
would chown the directory to user2 (if giving away directories with chown
was allowed in the first place) or user1 asks the administrator to do the
chown (if giving away directories is disallowed). The former method had
the upside of not burdening the administrator with something that's not
supposed to be the admin's task anyway. Furthermore, neither method
required changes to the ACL - which in some cases is desired and in some
cases not, it depends.

What's the corresponding procedure now? Preferably one which does not
involve the administrator at all.


                | Juha Jäykkä, juolja@utu.fi                    |
                | Laboratory of Theoretical Physics             |
                | Department of Physics, University of Turku    |
                | home: http://www.utu.fi/~juolja/              |
