[OpenAFS] user-visible change suggestion for fs setacl

Erik DalÚn dalen@socialisterna.org
Wed, 17 Dec 2008 09:48:59 +0100


On Wed, Dec 17, 2008 at 03:09, Stephen Joyce <stephen@physics.unc.edu> wrote:
> On Tue, 16 Dec 2008, Tom Maher wrote:
>
>> What's the semantics for negative ACLs?  For example,
>>
>> fs sa . system:authuser rl
>> fs sa . badguy +rl -negative
>>
>> I'm guessing that'll give badguy negative "rl" bits.
>
> Makes sense to me.
>
>> Should 'fs sa . badguy -rl' implicitly give him negative "rl" bits, if
>> he doesn't have anything already?
>
> That doesn't make sense to me. I'd suggest that -<perm> should never add
> permissions, only remove. So it should just clear the perms if they're se=
t
> and do nothing if not. To add the negative flags, do what you suggested
> above.
>
> My $0.02.

Sounds very reasonable to me. My vote for implementing it like this.

-- 
Erik DalÚn