Lyle,

We'd very much like to see some future release of AFS (3.5, for example)
allow anyone with administer rights over a volume to issue a vos release
of that volume. It seems reasonable that if an AFS admin wished to grant
administrative rights to a certain user or group of users for a given volume,
that it would also be useful to enable those users to regenerate the clones
when changes were made to the read-write volume. For now, we've put some
sysctl-based hacks, ah, tools in place to let folks at our site do this kind
of thing as necessary. But they really are just hacks at this point.

I would also be interested in allowing anyone with administer rights over
a volume to regenerate the backup copy of that volume (ie issue a vos backup
command). This might be open to debate, as I can imagine many sites would
rather not let users mess with their backup volumes on demand (ie, it might
be bothersome if a user decided to regenerate her backup volume while AFS
backups were running, or if a sysadmin had purposely removed a backup volume
to ease an almost-full partition situation). Perhaps the ability to enable
users with administer rights to issue vos releases or vos backups could be
set with some flag on a per-cell basis?

And as long as someone brought up the topic of volume ownership and the
permissions that come with it during this discussion, let me add my two cents
on that one. Currently the volume owner, ie the userid who owns the top level
of the directory of the volume, has implicit administer rights over the entire
volume. But other users with explicit administer rights over that top level
directory do *not* have administer rights over the entire volume. For example,
if an AFS admin decides to grant administer rights to a certain userid for a
certain volume with a given directory structure, that admin will need to do a
recursive ACL change on all subdirectories of that volume to explicitly grant
administer rights to that user to the entire volume in question. I've yet to
figure out how or why this restriction might be a feature; so far I've only
found it to be an administrative pain in the butt. Would it be possible to
allow users with administer rights on the top directory in a given volume to
also have implicit administer rights over the entire volume, just like the
volume owner does? Or is there some basic problem that this would introduce
in the way that ACLs are intended to work?

Opinions?

--Judy Warren
Cornell Theory Center

Lyle Seaman writes:
>
> I'd hate to see the present implementation of a piece of software ever
> become the _sole_ reason not to change that software. I too, like the
> idea of permitting someone other than (in addition to) the members of
> system:administrators to release volumes. I just haven't figured out
> what is a clear, clean, configuration mechanism. I thought it might
> make sense to permit anyone with write permissions on the root
> directory to perform releases on that volume (to existing sites only,
> not to create new sites). The premise being that if you can write to
> the root directory, you can pretty much change anything in the volume
> anyway. Cons? I'm really looking for someone to say "that's a bad
> idea because..."
>
> Lyle.
> Disclaimer: this note does not constitute a warranty, implied or otherwise.
>