On Wed, Dec 17, 2008 at 03:09, Stephen Joyce <[email protected]> wrote: > On Tue, 16 Dec 2008, Tom Maher wrote: > >> What's the semantics for negative ACLs? For example, >> >> fs sa . system:authuser rl >> fs sa . badguy +rl -negative >> >> I'm guessing that'll give badguy negative "rl" bits. > > Makes sense to me. > >> Should 'fs sa . badguy -rl' implicitly give him negative "rl" bits, if >> he doesn't have anything already? > > That doesn't make sense to me. I'd suggest that -<perm> should never add > permissions, only remove. So it should just clear the perms if they're set > and do nothing if not. To add the negative flags, do what you suggested > above. > > My $0.02.
Sounds very reasonable to me. My vote for implementing it like this. -- Erik Dalén _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
