We have found that it is easiest for us to have some volumes owned by
a group (so that he entire group has the ability to recover from
various acl-setting mistakes, like removing everyone) rather than a
single person. Our current setup accomplishes this by chown-ing the
mountpoints of those volumes to the gid of the relevant group. Much
of our environment is managed by a single server, and it does the
chown automatically when it does the vos create. However, in afs
gid's are negative, in order to distinguish them from uid's. While it
is possible to do the chown on the decstation we have now, we are
planning to upgrade this machine to a Sun running Solaris. Under
Solaris (and just about every other platform we've checked) it isn't
possible to give chown a negative argument. Does anyone know of
another way to get a group to have the implicit rights to correct ACL
mistakes in a volume, or some other solution to our problem?
Jonathon Weiss
[EMAIL PROTECTED]
MIT IS/Athena Server Operations
