On 1/16/2010 2:23 PM, Adam Megacz wrote:
>
> Derek Atkins <[email protected]> writes:
>> I don't think it would be possible to have a transitive acl across a
>> mountpoint boundary, because a volume can be mounted in multiple
>> locations.
>
> Agreed; I should have mentioned that.
>
> I keep a set of notes on what I would do differently if AFS were
> completely rebuilt from scratch without any backward-compatibility
> concerns.  If each volume had some sort of secret access key (retrieved
> by the CM via its mountpoint in some other volume) it would be possible
> to control who is allowed to create a mountpoint pointing *to* a
> particular volume.  But the means to do so goes way outside the existing
> AFS infrastructure.
>
>   - a
Adam:

Any volume can be accessed directly.  No mount point is required to do so. 
In fact, any object within a volume can be accessed directly.  Paths are
not access control mechanisms.
The only thing that matters is the ACL that is enforced on the object by
the file server.

Jeffrey Altman







_______________________________________________
AFS3-standardization mailing list
[email protected]
http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
