On Mon, 18 Jan 2010 06:03:20 +0000 Adam Megacz <[email protected]> wrote:
> > Andrew Deason <[email protected]> writes: > >> If you are talking about my transitive ACLs proposal, then the new > >> foo/dir is still subject to the transitive acl on foo/. > > > > I said you put a transitive ACL on foo/dir. > > Then do what I said one more level up. Yes, so then it's not terribly useful, unless you always use it at the volume root. Hence, volume-level ACLs. > Here, let's be more concrete: > > fs sa /afs/@cell/web/ !system:authuser a -negative -transitive > > Normal users cannot "mv /afs/@cell/web/ /afs/@cell/web/". If they > can, you've got the ACLs on /afs/@cell/web/ set wrong. I would also hope you don't have your entire web tree (including user personal webspace) all contained in one volume... you need to mark the policy restrictions on the volumes mounted in the web tree anyway. -- Andrew Deason [email protected] _______________________________________________ AFS3-standardization mailing list [email protected] http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
