Re: [OpenAFS] controlling access to backup volumes

2007-03-20 Thread anne salemme

Adam Megacz wrote:

> So, is there any way to make a backup volume less accessible than its
> rw?  If not, then it means that reducing access to any backed-up file
> always has to wait until the next backup...

if you're in a big hurry, you can do a 'vos backup' manually, no need to 
wait for the next automatically scheduled one. that is, fix the acl and 
then do the vos backup right away.


anne



___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
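
The two steps described in the message above (fix the ACL, then run `vos backup` right away), as an added shell example that is not part of the original thread. It assumes the OpenAFS `fs` and `vos` commands are in PATH and that the caller may run `vos backup` (normally a server administrator); the function names `volume_of` and `close_backup_window` are hypothetical.

```shell
# Added example, not from the thread: tighten a directory ACL and re-clone the
# backup volume at once, so the snapshot carrying the old ACL is replaced.
# Assumes OpenAFS fs/vos in PATH, 'a' rights on the directory, and
# permission to run `vos backup` on the volume.

# Print the name of the volume that holds a path, parsed from `fs examine`.
volume_of() {
    fs examine -path "$1" |
        sed -n 's/^Volume status for vid = [0-9]* named \(.*\)$/\1/p' | head -n 1
}

# close_backup_window DIR PRINCIPAL
# Removes every right PRINCIPAL holds on DIR, then refreshes <volume>.backup.
# Prints the read/write volume name on success.
close_backup_window() {
    dir=$1 who=$2
    [ -n "$dir" ] && [ -n "$who" ] || {
        echo "usage: close_backup_window DIR PRINCIPAL" >&2; return 2; }

    vol=$(volume_of "$dir")
    [ -n "$vol" ] || { echo "cannot resolve volume for $dir" >&2; return 1; }
    case $vol in
        *.backup|*.readonly)
            echo "$dir is not in a read/write volume ($vol)" >&2; return 1 ;;
    esac

    # Step 1: fix the ACL on the read/write volume.
    fs setacl -dir "$dir" -acl "$who" none || return 1

    # Step 2: re-clone. Until this succeeds, the existing .backup clone still
    # serves the directory with its previous ACL, so report a failure loudly.
    if ! vos backup -id "$vol"; then
        echo "ACL changed, but $vol.backup still holds the old ACL" >&2
        return 1
    fi
    echo "$vol"
}
```

AFS ACLs are per directory, so any subdirectory with its own looser ACL needs the same `fs setacl` before the re-clone.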


Re: [OpenAFS] controlling access to backup volumes

2007-03-19 Thread Russ Allbery
Derek Atkins <[EMAIL PROTECTED]> writes:
> Adam Megacz <[EMAIL PROTECTED]> writes:

>> So, is there any way to make a backup volume less accessible than its
>> rw?  If not, then it means that reducing access to any backed-up file
>> always has to wait until the next backup...

> Nope, there's not.  And your analysis is correct.

You can, of course, force a new backup immediately (and even provide a
tool for users to do that themselves through something like the remctl AFS
interface we use at Stanford).

-- 
Russ Allbery ([EMAIL PROTECTED]) 


Re: [OpenAFS] controlling access to backup volumes

2007-03-19 Thread Derek Atkins
Adam Megacz <[EMAIL PROTECTED]> writes:

> If a user removes a file (or restricts access to it by changing an
> ACL), and the file existed prior to the most recent "vos backup", that
> file will still be accessible via the backup volume.

Correct.

> The backup volume can be mounted beneath a directory with a very
> restrictive ACL, but it seems that other users in the same cell could
> circumvent this by simply creating a new mount point for the backup
> volume somewhere else.

It's not even limited to other users in the same cell..  Someone in
ANOTHER cell could mount it, too!  Granted, they could only gain
the rights that they can authenticate to, so generally it's only
an issue for system:anyuser (or system:[EMAIL PROTECTED]) acls.

> So, is there any way to make a backup volume less accessible than its
> rw?  If not, then it means that reducing access to any backed-up file
> always has to wait until the next backup...

Nope, there's not.  And your analysis is correct.

>   - a

-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
   [EMAIL PROTECTED]                        PGP key available