Directory owner does not have implicit rights.. But the "owner" of the
VOLUME's root directory does have implicit rights on the whole volume.
-derek
Quoting Steve Brown <[EMAIL PROTECTED]>:
Hi All,
One of our more clueful users here pointed out that there seems to
be an error in the AFS documentation about whether or not the UNIX owner
of a directory really has implied administrative rights. The comment
about this appears in the fs setacl docs:
Privilege Required
The issuer must have the a (administer) permission on the directory's ACL;
the directory's owner and the members of the system:administrators group
have the right implicitly, even if it does not appear on the ACL.
So I investigated:
linux3[3]% mkdir test
linux3[4]% fs la test
Access list for test is
Normal rights:
system:administrators rlidwka
system:anyuser rl
sbrown7 rlidwka
linux3[5]% ls -al test
total 4
drwx------ 2 sbrown7 rpc 2048 Feb 7 09:44 .
drwxr-xr-x 6 sbrown7 games 2048 Jan 17 13:15 ..
linux3[6]% fs sa test sbrown7 none
linux3[7]% fs la test
Access list for test is
Normal rights:
system:administrators rlidwka
system:anyuser rl
linux3[8]% fs sa test sbrown7 all
fs: You don't have the required access rights on 'test'
Yep. Not sure if this is an intended change that didn't get
documented, or if it is something that crept in a while back.
Most (all?) of the servers are running 1.4.0, and this client is
1.3.85.
Steve Brown
[EMAIL PROTECTED]
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
