Simon Wilkinson wrote:

> On 27 Oct 2008, at 15:15, Michael Meffie wrote:
>> Jeffrey Hutzelman wrote:
>>> --On Monday, October 20, 2008 09:51:15 AM -0400 Michael Meffie <[EMAIL PROTECTED]> wrote:
>>>> Since the C acl is documented as having no default meaning,
>>>> this is conditionally compiled into the fileserver with
>>>> the --enable-posix-chown option (disabled by default).
>>> As discussed at the recent hackathon, the bit to be used should be determined at configure time, rather than being hard coded. This allows sites that wish to use this feature to map it onto an ACL bit they are not already using. Thus, one would have to configure with an option like --enable-posix-chown=C (with legal values being [ABCDEFGH] and "no", and maybe even 'a' or 'w', but not "yes").
>>
>> The attached patch includes the code to set which ACL bit is to
>> be used. The configure switch has been changed to --enable-permit-chown-acl
>> which can be used to specify which ACL bit is used and defaults
>> to disabled.
>
> Please, please, please don't make this configurable. From a user experience point of view it's horrific. Having the ACL bit which controls this behaviour differ between cells (and even between fileservers) will confuse any user who moves between sites, or even who reads a different site's documentation when trying to come to grips with AFS. It spectacularly violates the principle of least surprise.

All good points. I've found even testing of this patch to be
interesting, something which we probably want to avoid for
a security sensitive change.

> We should either pick a bit, and make it globally consistent (and reserved on those fileservers which don't enable the behaviour), or defer this feature until we have more ACL bits to play with.

What would the process be to pick a bit? Derrick originally suggested
'C', which seems to be a fine choice and easy to remember.

How could we have more ACL bits to play with? Does that entail
an on disk format change?

Mike --




_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel