[OpenAFS] Re: Ideas for finer grain set acl controls
Alf Wachsmann
alfw@slac.stanford.edu
Thu, 12 Nov 2009 12:33:07 -0800 (PST)
On Thu, 12 Nov 2009, Russ Allbery wrote:
> Andrew Deason <adeason@sinenomine.net> writes:
>> In other words: *** PLEASE SPEAK UP *** if you want to be able to
>> prevent normal users from doing something like "fs setacl ${HOME}
>> system:authuser rlidwka" even when they have the 'a' bit on ${HOME}.
>
>> Even if it's just "+1, yes, I want that", please say something.
>
> It's not as important as being able to block system:anyuser, but yes, I'd
> ideally like to be able to block arbitrary PTS groups from being added to
> ACLs with "all" or "write" access.
What he said. I would like that feature.
-- Alf.
-----------------------------------------------------------------------
Alf Wachsmann | e-mail: alfw@slac.stanford.edu
SLAC - Scientific Computing | Phone: +1-650-926-4802
2575 Sand Hill Road, M/S 97 | FAX: +1-650-926-3329
Menlo Park, CA 94025, USA | Office: Bldg. 50/323
-----------------------------------------------------------------------
http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------