openafs-devel  

[OpenAFS-devel] Re: "l" permissions are not actually weaker than we're telling people

Andrew Deason
Mon, 18 Jan 2010 12:21:08 -0800

On Mon, 18 Jan 2010 15:11:25 -0500
Derrick Brashear <sha...@gmail.com> wrote:

> If you're bored, you can read every FID you can read. Just read them
> one at a time, starting with 1.

My intuition tells me OpenAFS' fileserver abort threshold would make
this take longer, too.

> Don't want to let someone read something? There are these ACLs....
> set them.

I agree, but

>>>> That's something I think might be worth documenting as a security
>>>> concern (and plenty of other similar cases).

documenting explicitly 'removing l doesn't remove all rights in
descendants' is probably a good idea. I'm not aware of anywhere we
suggest otherwise, but people tend to think that anyway. It's hard
enough to get people not to trust ACLs in "parent" volumes because they
don't realize volumes could be mounted from anywhere.

-- 
Andrew Deason
adea...@sinenomine.net
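
An added example, not part of the original message and not OpenAFS code: a small audit for the point above that removing "l" does not remove rights in descendants. It parses `fs listacl` output (the sample is constructed; the cell path and principals are hypothetical) and lists directories that still grant "r" or "l" to a principal beneath an ancestor that lacks "l" for it. Group membership is not expanded; principals are compared by literal name.

```python
import re
from posixpath import dirname

# Constructed sample: concatenated `fs listacl` output for three directories.
SAMPLE = """\
Access list for /afs/example.org/proj is
Normal rights:
  system:administrators rlidwka
  staff rlidwk
Access list for /afs/example.org/proj/reports is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
Access list for /afs/example.org/proj/reports/draft is
Normal rights:
  system:anyuser rl
Negative rights:
  system:anyuser r
"""

def parse_listacl(text):
    """Return {directory: {principal: effective rights}} (normal minus negative)."""
    pos, neg, path, negative = {}, {}, None, False
    for line in text.splitlines():
        m = re.match(r"Access list for (.+) is$", line)
        if m:
            path, negative = m.group(1), False
            pos[path], neg[path] = {}, {}
        elif line.endswith("rights:"):
            negative = line.startswith("Negative")
        elif path and line.strip():
            who, rights = line.split()
            (neg if negative else pos)[path][who] = set(rights)
    return {p: {w: r - neg[p].get(w, set()) for w, r in pos[p].items()} for p in pos}

def exposed_descendants(acls, principal):
    """List (directory, rights, ancestor) where rights survive below an ancestor without l."""
    # Assumption: literal principal match only; group membership is not resolved.
    findings = []
    for path in sorted(acls):
        granted = acls[path].get(principal, set()) & {"r", "l"}
        parent, blocked = dirname(path), None
        while granted and blocked is None and parent not in ("/", ""):
            if parent in acls and "l" not in acls[parent].get(principal, set()):
                blocked = parent
            parent = dirname(parent)
        if blocked:
            findings.append((path, "".join(sorted(granted)), blocked))
    return findings
```

Each finding is a directory whose own ACL needs changing if the intent was to cut that principal off from the whole subtree.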
