[OpenAFS] user-visible change suggestion for fs setacl
Wed, 17 Dec 2008 09:48:59 +0100
On Wed, Dec 17, 2008 at 03:09, Stephen Joyce <firstname.lastname@example.org> wrote:
> On Tue, 16 Dec 2008, Tom Maher wrote:
>> What's the semantics for negative ACLs? For example,
>> fs sa . system:authuser rl
>> fs sa . badguy +rl -negative
>> I'm guessing that'll give badguy negative "rl" bits.
> Makes sense to me.
>> Should 'fs sa . badguy -rl' implicitly give him negative "rl" bits, if
>> he doesn't have anything already?
> That doesn't make sense to me. I'd suggest that -<perm> should never add
> permissions, only remove. So it should just clear the perms if they're se=
> and do nothing if not. To add the negative flags, do what you suggested
> My $0.02.
Sounds very reasonable to me. My vote for implementing it like this.