[OpenAFS] Re: Ideas for finer grain set acl controls
Ben Poliakoff
benp@reed.edu
Thu, 12 Nov 2009 12:38:50 -0800
--mYYhpFXgKVw71fwr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Andrew Deason <adeason@sinenomine.net> [20091112 12:13]:
> On Thu, 12 Nov 2009 14:51:11 -0500
> Michael Meffie <mmeffie@sinenomine.net> wrote:
>=20
> > > It seems to me that restricting system:authuser would be less common
> > > than anyuser/anonymous, but it still could be useful; and we have
> > > other methods that cover the use case.
> >=20
> > I'm failing to see a use case here. Anyone on this list have a
> > concrete example?
>=20
> In other words: *** PLEASE SPEAK UP *** if you want to be able to
> prevent normal users from doing something like "fs setacl ${HOME}
> system:authuser rlidwka" even when they have the 'a' bit on ${HOME}.
>=20
> Even if it's just "+1, yes, I want that", please say something.
>=20
We'd certainly appreciate that capability at our site.
+1
Ben
--=20
________________________________________________________________________
PGP key updated: http://www.reed.edu/~benp/key-transition-2009-05-11.txt
PGP (318B6A97): 3F23 EBC8 B73E 92B7 0A67 705A 8219 DCF0 318B 6A97
--mYYhpFXgKVw71fwr
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIVAwUBSvxyWYIZ3PAxi2qXAQgplQ/9FEXOln5zzR63stPTXHWR1AIolt/zaxwk
0ueueNmAptWRIYcavjVA47JugXCQjFmBlAuO/p1qSp0d43dc6hk+jf6yNh89qaJc
0DXofRhJTj7l2Dr9s3JPLmqLtwvTNfvL/ryftSwNaA9mvulsvSoirIZYybiCxEM3
/HQME2bPYz2/b4bSo4sn+rF5L5kauoAwmSIWvtJcltT7GmXy1TkN/OCrIfnu2dh/
W/Y9VDV7iag6cn9fCEminyTF+NRnZDMFkjIhi05CYRw4kTUVIezLhgFlCnUV3abN
5+kmtbo7J2ggdc3dboEWahwxHvIkTFO8sg7rUw/Jg71kDrHpdMN4GW5w6mzihZEG
P1SYcmmKuHDKWVKfaEZ1aMEfKyx99xyRmS2PNHfohGMH5yATtimgc+oXv55LYIkp
Tp21W1gQguRqSKBrRAD0lR642gtiGnCHBEAHV4CBFc5qIhHrX3p/aH+8FYZcwgCb
l2su0QO8QkzA+FSbX/ti5O4dYY4pTsYjZGCnO8dw5/2oBQj7iIOxBldqPDBnysMW
4XjZY3Sn6EAv5jqyFwC/8vM+lZ4nJdPMk3EK5xz4d20OGiFpH9Qc2VNdOLcJO6mB
jojX2h2NtYFEcRxLedu4burXyjAEAAWw5APBqTRw8fU9DDyO7xfU796cT58UHCrt
HmXncpQl1tY=
=FsRh
-----END PGP SIGNATURE-----
--mYYhpFXgKVw71fwr--