Quoting Chaskiel M Grundman <[EMAIL PROTECTED]>:

--On Wednesday, December 21, 2005 12:42:25 -0500 Derek Atkins
<[EMAIL PROTECTED]> wrote:

someone il
in the ACL. I don't know if the OpenAFS client supports this though. At
least an OpenAFS client from 2002 running on Solaris gives a permission
denied trying to write to an owned file. A current Arla doesn't.

If you don't have 'w' access on a directory then even if you own a
file the fileserver should deny the write() request.

It's not that simple. If you have 'i' access, then, as far as the
server is concerned, you _can_ write to files whose owner matches
your pts id (you might even be able to read from them - I don't
remember the details). The OpenAFS client doesn't let you open such
files, but that is entirely client-side enforcement.

Hmm.. That seems... unfortunate (or at least less than secure).
On the gripping hand, I suppose it might be challenging for the
fileserver to differentiate a StoreData() based on an insert
versus one based on a write....

But it would be nice if the server could have better enforcement
instead of the client. What other ACL limitations are actually
only enforced on the client and not the server?

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available