[56] in Info-AFS_Redistribution
Default volume acl
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Tue Jan 22 04:54:48 1991
Date: Tue, 22 Jan 91 03:28:03 -0500
To: info-afs@transarc.com
From: Richard Basch <probe@MIT.EDU>

It has been brought to my attention that there is consideration of
adding "system:administrators all" to the volume's acl upon creation of
a new volume.

Personally, I find this disconcerting. When we create volumes at MIT,
we tend to give the project group or user/users (depending on what type
of volume request is placed) "all" access, and if the volume is not a
user's home directory, we leave "system:anyuser rl" on the acl. For
privacy concerns, the default user volumes have "system:anyuser none",
and we leave it to the users to change it back...

However, it is rarely the case that we leave system:administrators with
"god" access in the volumes. We tend to err on the side of caution, and
require that if such access is required, then and only then, should a
system administrator force himself on the acl for the purpose of
performing maintenance/repairs.

For instance, why should a system administrator be allowed to
accidentally write into someone else's project locker? Just granting
"system:administrator la" as a default might be acceptable - as you can
see, I even feel that "read" access might not be justified, since there
may be licensing concerns that should be observed. However, it may be
occasionally useful to be able to quickly get into a subdirectory to
perform a chown, or something. However, even then, I am a little wary
- even a directory listing may be incriminating or confidential, so my
true recommendation is to not touch the default behavior -
"system:administrators none".

-Richard
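
An added example, not part of the original post: a small audit of "fs listacl" output against the defaults described above (no standing rights for system:administrators, and no system:anyuser entry on a home volume). The sample path, the group name "demo-project", and the function names are constructed for illustration.

```python
# AFS rights letters, and the shorthands accepted by "fs setacl".
ALL_RIGHTS = "rlidwka"
SHORTHAND = {"all": "rlidwka", "write": "rlidwk", "read": "rl", "none": ""}

# Constructed sample in the layout printed by "fs listacl"
# (the path and the group "demo-project" are made up).
SAMPLE_LISTACL = """\
Access list for /afs/example.edu/project/demo is
Normal rights:
  system:administrators rlidwka
  demo-project rlidwka
  system:anyuser rl
"""

def parse_listacl(text):
    """Return {principal: rights} from the 'Normal rights' section."""
    acl, section = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("rights:"):
            section = stripped.split()[0].lower()  # "normal" or "negative"
        elif section == "normal":
            parts = stripped.split()
            if len(parts) == 2:
                acl[parts[0]] = parts[1]
    return acl

def audit(acl, admin_allowed="none", home_volume=False):
    """List deviations from the defaults described in the post.

    admin_allowed is a shorthand or a rights string such as "la".
    """
    allowed = set(SHORTHAND.get(admin_allowed, admin_allowed))
    findings = []
    extra = set(acl.get("system:administrators", "")) - allowed
    if extra:
        rights = "".join(r for r in ALL_RIGHTS if r in extra)
        findings.append(f"system:administrators holds standing rights: {rights}")
    if home_volume and acl.get("system:anyuser"):
        findings.append(f"home volume exposes system:anyuser {acl['system:anyuser']}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_listacl(SAMPLE_LISTACL)):
        print(finding)
```

Passing admin_allowed="la" checks against the more permissive default the post mentions as possibly acceptable.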