Jeffrey Altman
Mon, 18 Jan 2010 05:44:10 -0800
On 1/18/2010 2:05 AM, Adam Megacz wrote:
>
> Andrew Deason <adea...@sinenomine.net> writes:
>>>> I said you put a transitive ACL on foo/dir.
>>>
>>> Then do what I said one more level up.
>>
>> Yes, so then it's not terribly useful, unless you always use it at the
>> volume root.
>
> I think you mean "below the volume root", not "at the volume root":
>
> cd /afs/@cell/$SOMEWHERE
> fs mkm mountpoint myvolume
> fs sa mountpoint/x/y !system:authuser a -negative -transitive
> fs sa mountpoint/x/y/z/q newbieuser all
>
> - a
Russ, Andrew, Jeff and I all mean "at the volume root" or, to put it
another way, as policy attached to the volume object itself and not on a
particular directory object stored within the volume. Think of it as

    vos setacl -cell cell -volume user.foo -acl !system:authuser a -negative -transitive
If you want to apply a different policy to a sub tree within the volume
user.foo, then you would split the volume at the directory where you
want the new policy to take effect and apply the policy to the new volume.
One of the reasons for this approach is that file servers do not process
paths when responding to cache manager requests. The cache manager
simply asks for the contents of a particular file id and the file server
must be able to determine the access rights by looking at the ACLs on
the object and the authorization associated with the connection. As
Jeff said yesterday, the volume is the object of storage
administration. Policy should be associated with the volume object,
whether it be restrictions on the ACLs permitted to be applied to the
volume, or encryption or authorization requirements for client
connections, or requirements on the file servers the volume is permitted
to be moved to, etc.
Jeffrey Altman
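The argument above hinges on one mechanism: the file server resolves a file id (volume id, vnode) to an object and its directory ACL, and never sees the path the client walked. The toy model below, written for this page and not OpenAFS code, makes that concrete. It uses the real AFS rights letters (rlidwka) and the system:anyuser / system:authuser groups, but the vnode layout, the volume-level `policy` list (modelled here only as negative restrictions, an assumption standing in for the hypothetical `vos setacl`), and the sample volume are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# AFS directory rights: read, lookup, insert, delete, write, lock, administer
ALL_RIGHTS: FrozenSet[str] = frozenset("rlidwka")


@dataclass
class AclEntry:
    principal: str             # user or group name, e.g. "system:authuser"
    rights: FrozenSet[str]
    negative: bool = False     # a negative entry subtracts rights


@dataclass
class Vnode:
    is_dir: bool
    parent: Optional[int]                               # parent directory's vnode number
    acl: List[AclEntry] = field(default_factory=list)   # directories carry the ACL


@dataclass
class Volume:
    vnodes: Dict[int, Vnode]
    # Assumed volume-wide policy: evaluated for every FID in the volume,
    # here limited to negative (restricting) entries.
    policy: List[AclEntry] = field(default_factory=list)


Fid = Tuple[int, int]   # (volume id, vnode number); the uniquifier is omitted


def evaluate_entries(entries: List[AclEntry], principals: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Split matching entries into granted and denied right sets."""
    granted: Set[str] = set()
    denied: Set[str] = set()
    for e in entries:
        if e.principal in principals:
            (denied if e.negative else granted).update(e.rights)
    return granted, denied


def effective_rights(volumes: Dict[int, Volume], fid: Fid, principals: Set[str]) -> FrozenSet[str]:
    """Rights the server grants for `fid` using only what the FID leads to:
    the object's own directory ACL (a file uses its parent directory's ACL)
    and the policy of the volume named in the FID. No path is consulted, so
    an entry on some other ancestor directory is simply never seen."""
    volid, vnum = fid
    vol = volumes[volid]
    vn = vol.vnodes[vnum]
    if vn.is_dir:
        acl_holder = vn
    else:
        if vn.parent is None:
            raise ValueError("file vnode without a parent directory")
        acl_holder = vol.vnodes[vn.parent]
    granted, denied = evaluate_entries(acl_holder.acl, principals)
    _, vol_denied = evaluate_entries(vol.policy, principals)
    return frozenset(granted - denied - vol_denied)


def has_right(volumes: Dict[int, Volume], fid: Fid, principals: Set[str], right: str) -> bool:
    return right in effective_rights(volumes, fid, principals)


def principals_for(user: Optional[str]) -> Set[str]:
    """Identity on the connection, expanded to the AFS system groups."""
    if user is None:
        return {"system:anyuser"}
    return {user, "system:authuser", "system:anyuser"}


def build_example() -> Dict[int, Volume]:
    """Constructed volume mirroring the thread's mountpoint/x/y/z/q layout."""
    anyuser_rl = AclEntry("system:anyuser", frozenset("rl"))
    vnodes = {
        1: Vnode(True, None, [anyuser_rl]),                              # volume root
        2: Vnode(True, 1, [anyuser_rl]),                                 # x
        3: Vnode(True, 2, [anyuser_rl,                                   # y: the "transitive" intent
                           AclEntry("system:authuser", frozenset("a"), negative=True)]),
        4: Vnode(True, 3, [AclEntry("newbieuser", ALL_RIGHTS)]),         # z
        5: Vnode(False, 4),                                              # q, a file inside z
    }
    return {536870912: Volume(vnodes)}   # constructed volume id


def demo() -> Tuple[bool, bool, bool]:
    volumes = build_example()
    volid = next(iter(volumes))
    q = (volid, 5)
    newbie = principals_for("newbieuser")
    # 1. The negative entry on y is never consulted when q's FID is resolved:
    #    the server looks only at z's ACL, so the directory-level restriction is lost.
    dir_only = has_right(volumes, q, newbie, "a")
    # 2. Attach the same restriction to the volume object instead; every FID in
    #    the volume carries the volume id, so the server always sees it.
    volumes[volid].policy.append(AclEntry("system:authuser", frozenset("a"), negative=True))
    with_policy = has_right(volumes, q, newbie, "a")
    # 3. The volume policy only removes "a" from authenticated users; an
    #    unauthenticated lookup on y is unaffected.
    anon_lookup = has_right(volumes, (volid, 3), principals_for(None), "l")
    return dir_only, with_policy, anon_lookup
```

`demo()` returns `(True, False, True)`: with only directory ACLs the entry on y does nothing for a request naming q's FID, while the volume-attached policy is enforced because the volume id is part of every FID. Splitting a subtree into its own volume, as the message suggests, is what lets a different policy take effect below that point without the server ever walking a path.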