Michael: Thank you for this proposal. I think you have misnamed it. What you are proposing is not finer grained ACLs but ACL change control policies. The problem, as Jim Rowan pointed out, is that the ability to modify the ACL is not the point of control. What is desired is the ability to restrict the permissions that can be granted or restricted on a volume/directory/file irrespective of the ACL applied on the object in question.
To address the use case properly there needs to be the ability to apply additional sets of ACLs controlled entirely by the administrator: positive ACLs that give privileges that cannot be restricted, and negative ACLs that restrict privileges that cannot be granted. These would have to be enforced by the file server at access time. This ensures that changes in group membership do not bypass the administrator-set permissions.

Jeffrey Altman

Michael Meffie wrote:
> Hello,
>
> Andrew, Tom, and I would like to discuss and solicit feedback on
> some ideas we have been considering to strengthen OpenAFS access
> controls, especially for sites which provide AFS service over the
> public internet.
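The access-time evaluation Jeffrey describes (object ACL first, then an administrator overlay of rights that cannot be removed and rights that cannot be granted) is easy to model. The block below is an added example written for this thread, not OpenAFS code: it mimics AFS directory ACL semantics (positive entries minus negative entries over the `rlidwka` rights) and layers a hypothetical `AdminPolicy` on top. The group names, user names, the `system:anyuser`/`system:authuser` matching and the rule that a mandatory deny beats a mandatory grant are all assumptions made for the example. Because group membership is resolved at evaluation time, adding a user to a more privileged group does not escape the administrator's deny set, which is the point made above.

```python
"""Model of an AFS-style directory ACL evaluated together with an
administrator-controlled policy overlay. Constructed example, not OpenAFS code."""
from dataclasses import dataclass, field

# AFS directory rights: read, lookup, insert, delete, write, lock, administer.
ALL_RIGHTS = frozenset("rlidwka")


def rights(spec: str) -> frozenset:
    """Parse a rights string such as 'rlidwka', rejecting unknown letters."""
    unknown = set(spec) - ALL_RIGHTS
    if unknown:
        raise ValueError(f"unknown AFS rights: {''.join(sorted(unknown))}")
    return frozenset(spec)


@dataclass
class DirectoryACL:
    """Per-directory ACL as AFS keeps it: positive and negative entries."""
    positive: dict = field(default_factory=dict)  # principal -> rights
    negative: dict = field(default_factory=dict)  # principal -> rights


@dataclass
class AdminPolicy:
    """Hypothetical administrator overlay applied in addition to the object ACL."""
    must_grant: dict = field(default_factory=dict)  # rights the object ACL cannot remove
    must_deny: dict = field(default_factory=dict)   # rights the object ACL cannot grant


def principals_for(user: str, groups: dict, authenticated: bool = True) -> set:
    """Every principal a user matches, resolved from *current* group membership."""
    matched = {user, "system:anyuser"}
    if authenticated:
        matched.add("system:authuser")
    matched.update(g for g, members in groups.items() if user in members)
    return matched


def collect(entries: dict, principals: set) -> frozenset:
    """Union of the rights of all entries whose principal the user matches."""
    out = set()
    for p in principals:
        out.update(entries.get(p, frozenset()))
    return frozenset(out)


def object_rights(acl: DirectoryACL, principals: set) -> frozenset:
    """Plain AFS evaluation: positive entries minus negative entries."""
    return collect(acl.positive, principals) - collect(acl.negative, principals)


def effective_rights(user: str, acl: DirectoryACL, policy: AdminPolicy,
                     groups: dict, authenticated: bool = True) -> str:
    """Access-time decision: object ACL, then mandatory grants, then mandatory denies.
    Assumption: a mandatory deny wins over a mandatory grant."""
    principals = principals_for(user, groups, authenticated)
    granted = object_rights(acl, principals) | collect(policy.must_grant, principals)
    denied = collect(policy.must_deny, principals)
    return "".join(r for r in "rlidwka" if r in granted - denied)


# Constructed sample data for the scenario discussed in the thread.
GROUPS = {
    "system:administrators": {"admin"},
    "project:devs": {"alice"},
    "project:contractors": {"bob"},
}
POLICY = AdminPolicy(
    must_grant={"system:administrators": rights("rlidwka")},  # admins can never be locked out
    must_deny={"project:contractors": rights("a")},            # contractors never get 'a'
)
ACL = DirectoryACL(
    positive={"alice": rights("rlidwka"),
              "project:devs": rights("rlidwka"),
              "bob": rights("rlidwka")},                      # owner handed bob full rights
    negative={"system:administrators": rights("rlidwka")},   # owner tried to exclude admins
)


def after_membership_change() -> str:
    """Bob is added to project:devs; the deny on project:contractors still applies."""
    changed = {g: set(m) for g, m in GROUPS.items()}
    changed["project:devs"].add("bob")
    return effective_rights("bob", ACL, POLICY, changed)


if __name__ == "__main__":
    for user in ("admin", "alice", "bob"):
        print(f"{user:6s} -> {effective_rights(user, ACL, POLICY, GROUPS) or '(none)'}")
    print("anon   ->", effective_rights("anonymous", ACL, POLICY, GROUPS, False) or "(none)")
    print("bob after joining project:devs ->", after_membership_change())
```

Run as a script it prints the effective rights for each sample user; note that `admin` ends up with `rlidwka` even though the directory ACL carries a negative entry for `system:administrators`, and `bob` keeps `rlidwk` both before and after being added to `project:devs`.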
