Andrew Deason <adea...@sinenomine.net> writes:

>> If you are talking about my transitive ACLs proposal, then the new
>> foo/dir is still subject to the transitive acl on foo/.
>
> I said you put a transitive ACL on foo/dir.

Then do what I said one more level up. The whole point is to put the transitive ACL at a point higher up in the tree than the point where your users are able to make changes. Here, let's be more concrete:

    fs sa /afs/@cell/web/ !system:authuser a -negative -transitive

Normal users cannot "mv /afs/@cell/web/ /afs/@cell/web/". If they can, you've got the ACLs on /afs/@cell/web/ set wrong.

- a
_______________________________________________
OpenAFS-devel mailing list
OpenAFS-devel@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-devel