[OpenAFS] Re: chown()
Wed, 28 Mar 2007 17:56:39 -0400
On Thursday, March 22, 2007 09:55:22 PM -0700 Adam Megacz
> Ryan Underwood <firstname.lastname@example.org> writes:
>> Wouldn't it make sense for a user with 'admin' ACL to be able to
>> chown() files, as long as the target ID is his own userid?
> Even better: let any user who can write to the file change its owner.
> Unless I'm mistaken, if:
> 1. your clients are all set to ignore the setuid bit (which is now
> the default)
> 2. you disable the "owner of volume root has 'a' rights" behavior
> ... then the unix owner/group of a file is reduced to meaningless
> bookeeping to make AFS "look UNIXy" -- the same status the go+rwx bits
> (and sticky bit?) currently have.
Not true. There are a number of subtle uses of file owners in AFS,
particularly with regard to how directories work where you have 'i' but not
'w'. However, I don't see any harm to allowing anyone with 'a' rights on a
file to change its owner, provided this causes the setid bits to be cleared.