Hello,
thinking of smooth ways to let a group of people create volumes
without distributing a "Coda super user" password.
One way is of course login-authorization on scm, letting people run
scripts as super-user (e.g. via sudo) and thoroughly checking their input
and arguments, with a homegrown "acls" implemented at different levels.
Nothing I would like to set up and rely on.
Now that we can (and should imho) put the volume name information into
the filesystem
["cfs mkm <path>" creates a mountpoint for the volume named "<path>"]
we might want to put even more volume-related information there and use
the Coda acls for authorization? The acls can lie in dedicated volumes,
maintainable by the Coda superuser only...
[xyz below is a placeholder for a future realm name; in traditional Coda
it is an empty string]
<DREAM>
$ cfs la /coda/xyz/this_realm_servers/serv1.doma.in/vicepa
<me> lrw [may mean "delete and create volumes",
file creation operations should not be allowed,
then no extra magic is needed to expose this info]
$ cfs la /coda/xyz/this_realm_servers/serv2.doma.in/vicepa
<me> l
$ cfs la /coda/xyz/this_realm_servers/serv2.doma.in/vicepb
<me> lw [may mean "create volumes"]
$ cfs la /coda/xyz/a
<me> rlidwka
<something>
$ cfs mkvolume /coda/xyz/a/b serv1.doma.in/vicepa serv2.doma.in/vicepb
$ cfs mkm /coda/xyz/a/b
$ cfs la /coda/xyz/a/b
<inherited-from-/coda/xyz/a>
[and maybe even]
$ ls /coda/xyz/this_realm_servers/serv2.doma.in/vicepa
<volume list>
</DREAM>
Thanks for Coda, it is great software!
--
Ivan
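
Added example, not part of the original message and not Coda code: a deny-by-default check for the proposed "cfs mkvolume", using the rights-to-operation mapping the message sketches ("lw" = create, "lrw" = create and delete). The function names, the sample ACL table and the insert-right requirement on the parent directory are assumptions made for illustration.

```python
# Added illustration, not Coda code. Assumed mapping from the post's notes:
#   "lw" on a partition directory  -> may create volumes there
#   "lrw" on a partition directory -> may also delete volumes there
# Assumption: mounting the new volume needs "i" (insert) on the parent directory.
CREATE = frozenset("lw")
DELETE = frozenset("lrw")
REALM_SERVERS = "/coda/xyz/this_realm_servers"  # layout used in the post

# Constructed sample ACLs mirroring the "cfs la" listings in the post.
SAMPLE_ACLS = {
    f"{REALM_SERVERS}/serv1.doma.in/vicepa": {"me": "lrw"},
    f"{REALM_SERVERS}/serv2.doma.in/vicepa": {"me": "l"},
    f"{REALM_SERVERS}/serv2.doma.in/vicepb": {"me": "lw"},
    "/coda/xyz/a": {"me": "rlidwka"},
}

def rights(acls, path, user):
    """Rights of user on path; a missing path or user yields no rights."""
    return frozenset(acls.get(path, {}).get(user, ""))

def missing_on_partitions(acls, user, replicas, needed):
    """Return the partition directories that do not grant all needed rights."""
    paths = [f"{REALM_SERVERS}/{r}" for r in replicas]
    return [p for p in paths if not needed <= rights(acls, p, user)]

def may_mkvolume(acls, user, mountpoint, replicas):
    """Allow only if every replica partition grants CREATE and the parent grants insert."""
    if not replicas:
        return False, "no replica partition given"
    denied = missing_on_partitions(acls, user, replicas, CREATE)
    if denied:
        return False, "no create right on " + ", ".join(denied)
    parent = mountpoint.rstrip("/").rsplit("/", 1)[0]
    if "i" not in rights(acls, parent, user):
        return False, "no insert right on " + parent
    return True, "ok"

def may_rmvolume(acls, user, replicas):
    """Allow only if every replica partition grants DELETE."""
    if not replicas:
        return False, "no replica partition given"
    denied = missing_on_partitions(acls, user, replicas, DELETE)
    if denied:
        return False, "no delete right on " + ", ".join(denied)
    return True, "ok"
```

The check requires the rights on every replica partition named in the request, so a user with "lw" on one server cannot place a replica on a partition where they only hold "l".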