[OpenAFS] Re: fs setacl and permissions

Derrick J Brashear shadow@dementia.org
Wed, 31 Jan 2007 14:29:24 -0500 (EST) 

On Wed, 31 Jan 2007, Todd M. Lewis wrote:

>>> I see a need for both solutions.  Would it be possible to change the
>>> behaviour on a per-fileserver basis?  That you could allow one scenario
>>> on volumes on fileserver a and allow the other on fileserver b.
>>> 
>>> Perhaps a flag to the fileserver on start-up to select which method the
>>> cell admin would like?
>> 
>> the problem is the right way is per-volume, but per-fileserver is probably 
>> the best we can do today. anyone want to code it? (i can code it, it's like 
>> 5 minutes work, but testing is a little more)
>
> Is this really a good idea?

Not especially, but people love being able to shoot themselves in the 
foot. When I recovered from my old life I realized you can only try so 
hard to protect someone from themselves.

> Will vos move give a warning when moving a volume 
> from one flavor of server to another?

Presumably not. If it did, so what?

> What happens when a server is rebooted 
> with the flag switched? Would we need some kind of flag on the volume itself 
> to say what kind of behavior is expected? This may be a 5 minute change, but

We do need one, but it's rather harder to do, and won't help people who 
want something now.

> recovery may take years. Maybe with a little more thought we can come up with 
> a way to get the specific desired behavior without making multiple flavors of 
> file servers (and avoid the resulting confusion that will ensue).

Oh, we absolutely can. This is really more of a caveat emptor sort of 
feature. Right now we can upset the people who need the documented 
behavior or the people who need the current (undocumented) behavior. If we 
make this change, without any change other than to the fileserver binary 
and it's switches at invocation we can upset the people who run a mixed 
environment and are careless about what they put where. Doing it right 
means not just more work (some of which is properly lumped in with other 
work which I don't think we're prepared to do just yet) but more 
deployment hassles (basically, you'll need a new vos). The "hack" way is 
clearly a hack, but if you can read enough to flip switches, you can read 
enough to know what you got yourself into.