[OpenAFS] Re: Ideas for finer grain set acl controls

Russ Allbery rra@stanford.edu
Thu, 12 Nov 2009 12:23:20 -0800

Andrew Deason <adeason@sinenomine.net> writes:

> In other words: *** PLEASE SPEAK UP *** if you want to be able to
> prevent normal users from doing something like "fs setacl ${HOME}
> system:authuser rlidwka" even when they have the 'a' bit on ${HOME}.

> Even if it's just "+1, yes, I want that", please say something.

It's not as important as being able to block system:anyuser, but yes, I'd
ideally like to be able to block arbitrary PTS groups from being added to
ACLs with "all" or "write" access.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>