[OpenAFS] Re: Supergroups and ACL inheritance

Todd Lewis utoddl@email.unc.edu
Sat, 26 Feb 2011 21:33:25 -0500


On 02/25/2011 05:54 PM, Andrew Deason wrote:
> A more accurate way to think about it is to realize that the root
> directory of a volume does not have a parent directory in the usual
> sense. Since you can create many mountpoints to the same volume from
> anywhere in /afs (and even from different cells), the alleged "parent
> directory" may be different, depending on which mountpoint you are
> arriving from.
> 
> Also realize that the root directory of a volume (and its ACL) is
> created when you create the volume, not when you create the mountpoint.
> So, at that time, it certainly has no 'parent directory' to get an ACL
> from.

For completeness, this seems a good time to mention that the owner of a
volume's root directory has an implicit administrator (a) ACL on all
directories in the volume. This is largely so that users can dig their way
back out of inadvertently dug ACL black holes without having to track down an
otherwise happy system:administrators member.

Also, "the owner of a file has implicit read (r) and write (w) rights on a
file if that user has insert (i) rights on its parent directory". (from
http://wiki.openafs.org/AFSLore/UsageFAQ/#2.21%20What%20meaning%20do%20the%20owner%2c)
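
The two implicit-rights rules from the message above, as a small model. This is an added example, not part of the original post and not OpenAFS code. The `Directory` class, the helper functions and the user names are hypothetical, and groups, negative ACL entries and system:administrators are left out.

```python
# Simplified model (constructed for illustration) of the two implicit-rights
# rules in the message above. Assumption: ACL entries are per-user only.
from dataclasses import dataclass, field


@dataclass
class Directory:
    volume_root_owner: str                    # owner of the volume's root directory
    acl: dict = field(default_factory=dict)   # user -> set of rights letters


def dir_rights(user, d):
    """Rights from the directory ACL, plus implicit 'a' for the volume root owner."""
    rights = set(d.acl.get(user, set()))
    if user == d.volume_root_owner:
        rights.add("a")
    return rights


def file_rights(user, file_owner, parent):
    """File-level rights (r, w, k) from the parent ACL, plus the file-owner rule."""
    from_dir = dir_rights(user, parent)
    rights = from_dir & {"r", "w", "k"}
    if user == file_owner and "i" in from_dir:
        rights |= {"r", "w"}
    return rights


def set_acl(actor, d, user, rights):
    """Changing an ACL requires 'a' on that directory."""
    if "a" not in dir_rights(actor, d):
        raise PermissionError(f"{actor} lacks 'a' on this directory")
    d.acl[user] = set(rights)


def demo():
    # "ACL black hole": alice owns the volume root and removes her own entry.
    home = Directory(volume_root_owner="alice", acl={"alice": set("rlidwka")})
    set_acl("alice", home, "alice", "")
    stuck = dir_rights("alice", home)            # only the implicit 'a' is left
    set_acl("alice", home, "alice", "rlidwka")   # so she can still repair the ACL
    # bob has insert-only rights: implicit r/w on his own file, none on alice's.
    home.acl["bob"] = {"i"}
    return (stuck, dir_rights("alice", home),
            file_rights("bob", "bob", home), file_rights("bob", "alice", home))
```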