> > not to create new sites). The premise being that if you can write to
> > the root directory, you can pretty much change anything in the volume
> > anyway. Cons? I'm really looking for someone to say "that's a bad
> > idea because..."
>
> That's a bad idea because having the ability to do something doesn't mean
> you should in all cases. Like another person I've conversed with, we have
> many people with root access, but only 3 of us have AFS admin.
I think he's talking about the root directory of a volume, i.e. the top
directory of the volume. Having root access on a machine doesn't mean
anything in this context because the directory isn't acl'd to root.
He's just saying that if you can write the volume, you might as well
be able to release it. This doesn't help you for anything but releases
though. A more general tool like sysctl that lets you do just about
anything you want would definitely be a good thing to have. I'm not sure
sysctl is it though (no support, old version, etc.).
> Even though the rest of the group *can* technically write to those
> filesystems via root on the servers, they have been asked not to.
Restricting access to the servers (or having a special root passwd) will
solve this problem.
-Scott
