Alf Wachsmann <[email protected]> wrote:
On Thu, 12 Nov 2009, Russ Allbery wrote:
Andrew Deason <[email protected]> writes:
In other words: *** PLEASE SPEAK UP *** if you want to be able to
prevent normal users from doing something like "fs setacl ${HOME}
system:authuser rlidwka" even when they have the 'a' bit on ${HOME}.
Even if it's just "+1, yes, I want that", please say something.
It's not as important as being able to block system:anyuser, but
yes, I'd ideally like to be able to block arbitrary PTS groups from
being added to ACLs with "all" or "write" access.
What he said. I would like that feature.
Me too!
Also, I would like separate "change acl" and "add mount point"
permissions. I often end up granting "a" just so that users can add
mount points as I see mount points as one of the key benefits of AFS.
The end user can define their view of the file space and not have to
resort to hard-coded things like symlinks or hardlinks.
Some users just cannot be trusted to manage their own ACLs though.
<<CDC
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
