[OpenAFS] fs setacl and permissions

Russ Allbery rra@stanford.edu
Thu, 25 Jan 2007 10:15:22 -0800

Juha J=E4ykk=E4 <juolja@utu.fi> writes:

> Perhaps the way to go is groups, although this situation would dictate
> groups with only a single member, but at least memberships can be given
> and taken easily without admin interference. All other situations,
> groups are easier anyway since there are multiple members per group.

We create PTS groups for all shared (group, department, class) directories
in AFS as a matter of course, as part of the process that creates the
initial volume, and give them administrative rights to the top-level
directory.  Naive users who don't think about AFS ACLs will therefore
preserve those rights as they create new directories, and unless some
member of that group intentionally does something strange with ACLs,
handing over ownership is as easy as changing the group membership.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>