* Jeffrey Altman [2009-10-30 13:20:12 -0400]: > To address the use case properly there needs to be the ability to apply > additional sets of ACLs controlled entirely by the administrator. > Positive ACLs that give privileges that cannot be restricted and > negative ACLs that restrict privileges that cannot be granted. These > would have to be enforced by the file server at access time. This > ensures that changes in group membership do not bypass the administrator > set permissions.
Even then, the devil lies in the details. I see no difficulty in having such additional ACLs work globally or with volume granularity, and this would be enough to express simple policies such as "no wida rights anywhere in the cell for system:anyuser"; but if one were to set such an additional ACL only on a user's public_html directory, what is there to keep the user from renaming directories? _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info