Adam Megacz <[EMAIL PROTECTED]> writes:
> If a user removes a file (or restricts access to it by changing an
> ACL), and the file existed prior to the most recent "vos backup", that
> file will still be accessible via the backup volume.
Correct.
> The backup volume can be mounted beneath a directory with a very
> restrictive ACL, but it seems that other users in the same cell could
> circumvent this by simply creating a new mount point for the backup
> volume somewhere else.
It's not even limited to other uses in the same cell.. Someone in
ANOTHER cell could mount it, too! Granted, they could only gain
the rights that they can authenticate to, so generally it's only
an issue for system:anyuser (or system:[EMAIL PROTECTED]) acls.
> So, is there any way to make a backup volume less accessible than its
> rw? If not, then it means that reducing access to any backed-up file
> always has to wait until the next backup...
Nope, there's not. And your analysis is correct.
> - a
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
