> documenting explicitly 'removing l doesn't remove all rights in > descendants' is probably a good idea. I'm not aware of anywhere we > suggest otherwise, but people tend to think that anyway. It's hard > enough to get people not to trust ACLs in "parent" volumes because they > don't realize volumes could be mounted from anywhere.
I don't feel that "ACLs are inherited at descendent-creation time" is a security concern so much as "you should knoq how this works"; In that sense, yes, if it's not documented, it should be. _______________________________________________ AFS3-standardization mailing list [email protected] http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
