Derrick Brashear
Mon, 18 Jan 2010 12:23:10 -0800
> documenting explicitly 'removing l doesn't remove all rights in > descendants' is probably a good idea. I'm not aware of anywhere we > suggest otherwise, but people tend to think that anyway. It's hard > enough to get people not to trust ACLs in "parent" volumes because they > don't realize volumes could be mounted from anywhere.
I don't feel that "ACLs are inherited at descendent-creation time" is a security concern so much as "you should knoq how this works"; In that sense, yes, if it's not documented, it should be. _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel