[OpenAFS] 2 simple questions

2005-11-16 Thread Dirk Heinrichs
Hi,

I have two questions regarding AFS administration best practices:

1) For users' home directories in AFS, is it safe to remove 
system:administrators from the ACLs (the users have rlidwka on their 
$HOME)?

2) I currently have /afs and /afs/mydomain owned by root:root, but 
i.e. /afs/mydomain/data is owned by afsadm:afs (150:150), afsadm being a 
member of system:administrators. Is it ok to have /afs (the volume, not the 
mount point) and /afs/mydomain be owned by afsadm:afs?

Thanx...

Dirk
-- 
Dirk Heinrichs  | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: [EMAIL PROTECTED]
Hambornerstraße 55  | Web:  http://www.capgemini.com
D-40472 Düsseldorf  | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net




Re: [OpenAFS] 2 simple questions

2005-11-16 Thread Klaas Hagemann

Hi Dirk,

> 1) For users' home directories in AFS, is it safe to remove
> system:administrators from the ACLs (the users have rlidwka on their
> $HOME)?

There is no problem removing system:administrators from ACLs; it can
be added again by members of system:administrators with no problems.
AFAIK it is not possible to lock out administrators.


> 2) I currently have /afs and /afs/mydomain owned by root:root, but
> i.e. /afs/mydomain/data is owned by afsadm:afs (150:150), afsadm being a
> member of system:administrators. Is it ok to have /afs (the volume, not the
> mount point) and /afs/mydomain be owned by afsadm:afs?

I do not see any problems regarding the ownership of these directories;
ACLs are the important point.


> Thanx...

Hope I could help.

> Dirk

Klaas
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info


Re: [OpenAFS] 2 simple questions

2005-11-16 Thread Russ Allbery
Klaas Hagemann [EMAIL PROTECTED] writes:
> Hi Dirk,

>> 2) I currently have /afs and /afs/mydomain owned by root:root, but
>> i.e. /afs/mydomain/data is owned by afsadm:afs (150:150), afsadm being
>> a member of system:administrators. Is it ok to have /afs (the volume,
>> not the mount point) and /afs/mydomain be owned by afsadm:afs?

> I do not see any problems regarding the ownership of these directories;
> ACLs are the important point.

Be aware that if afsadm owns the top level directory of those volumes,
afsadm will be able to change the ACLs in those volumes regardless of
ACLs.  Since it's a member of system:administrators anyway, that shouldn't
be a problem, but it's something to keep in mind.

-- 
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
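
The two points made in this thread (members of system:administrators cannot be locked out, and the owner of a volume's top-level directory can change ACLs regardless of the ACL entries), as an added example that is not part of the original messages: a parser for `fs listacl` output plus a check of who can still change an ACL. The sample output, the user names and the function names are constructed for illustration.

```python
import re

# Constructed sample of `fs listacl` output for a home directory from which
# system:administrators has been removed (path and user names are made up).
SAMPLE = """\
Access list for /afs/example.org/user/dirk is
Normal rights:
  dirk rlidwka
  system:anyuser l
Negative rights:
  guest rl
"""

def parse_listacl(text):
    """Return (normal, negative) dicts mapping principal -> set of right letters."""
    acl = {"Normal": {}, "Negative": {}}
    section = None
    for line in text.splitlines():
        m = re.match(r"(Normal|Negative) rights:", line)
        if m:
            section = m.group(1)
        elif section and line.strip():
            principal, rights = line.split()
            acl[section][principal] = set(rights)
    return acl["Normal"], acl["Negative"]

def who_can_change_acl(user, groups, normal, negative, volume_root_owner):
    """Explain why `user` can change this ACL, or return None if they cannot.

    `volume_root_owner` (hypothetical parameter) is the owner of the volume's
    top-level directory, as discussed in the thread.
    """
    # Implicit rights described in the thread: they hold regardless of ACL entries.
    if "system:administrators" in groups:
        return "implicit: member of system:administrators"
    if user == volume_root_owner:
        return "implicit: owns the volume's top-level directory"
    # Explicit rights: union of matching normal entries minus matching negative ones.
    names = {user, *groups}
    granted = set().union(*(r for p, r in normal.items() if p in names))
    denied = set().union(*(r for p, r in negative.items() if p in names))
    return "explicit: 'a' in ACL" if "a" in granted - denied else None
```
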