--On Saturday, June 27, 2009 04:34:37 PM -0400 Jeffrey Altman
<[email protected]> wrote:
1. means that granting additional access to a file (wrt the parent
directory) through a file ACL would not work for old clients. That
may be acceptable, but it depends on what people intend to do with the
new facility. Of course if it's an issue they have the option to
upgrade the clients.
We will have to determine if this is even feasible to maintain. ACLs
do not change all that often but if there are thousands of objects in
the directory with different ACL combinations it is going to be really
hard to figure out what the restricted subset is supposed to be.
It's not hard, because you don't ever have to compute a most-restrictive
ACL. All you have to do is report the most restrictive set of rights
granted to a particular user, which is straightforward, if time-consuming.
-- Jeff
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
