[OpenAFS] Ideas for finer grain set acl controls

Sergio Gelato Sergio.Gelato@astro.su.se
Sat, 31 Oct 2009 20:29:53 +0100


* Jeffrey Altman [2009-10-30 13:20:12 -0400]:
> To address the use case properly there needs to be the ability to apply
> additional sets of ACLs controlled entirely by the administrator.
> Positive ACLs that give privileges that cannot be restricted and
> negative ACLs that restrict privileges that cannot be granted.  These
> would have to be enforced by the file server at access time.  This
> ensures that changes in group membership do not bypass the administrator
> set permissions.

Even then, the devil lies in the details. I see no difficulty in having such
additional ACLs work globally or with volume granularity, and this would be
enough to express simple policies such as "no wida rights anywhere in the
cell for system:anyuser"; but if one were to set such an additional ACL only
on a user's public_html directory, what is there to keep the user from
renaming directories?