[OpenAFS] Re: Supergroups and ACL inheritance

Russ Allbery rra@stanford.edu
Fri, 25 Feb 2011 14:14:23 -0800


Thomas Smith <theitsmith@gmail.com> writes:
> On Thu, Feb 24, 2011 at 10:11 PM, Andrew Deason <adeason@sinenomine.net>wrote:

>> You don't want negative permissions there. I've found, at least for me,
>> negative permissions are rarely what you want to do. I'm assuming you
>> want 'group0' people to be able to put stuff all over the Group0/
>> directory, but only want group0:admins to have access to the 'Admins'
>> directory?

> Your assumption is correct.

> What purpose does negative permissions serve if not to remove
> permissions inherited from a higher level?

They allow you to grant access to all members of a particular PTS group
except some specific people.

It's a fairly rare thing to want to do, so they're mostly an attractive
nuisance.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>