[58] in Info-AFS_Redistribution


Re: Default volume ACL

daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Tue Jan 22 20:33:44 1991

Date: Tue, 22 Jan 1991 19:42:31 -0500 (EST)
From: Liz_Hines@transarc.com
To: Info-AFS@transarc.com
In-Reply-To: <9101221401.AA09203@pookie.psc.edu>



Because of numerous complaints from our administrators, we have
decided to change the default ACL on volume creation to
"system:administrators all".  The old behavior was to create a volume
with "system:anyuser rl".

There are two main complaints with the old behavior.  First, when you
create a new volume it is empty and one of the first things you want
to do is add data to the volume.  But with an ACL of "system:anyuser rl",
you first have to set the ACL to something reasonable in order to put
things in it.  To do this, you must be in the system:administrators group.

The other problem is that volumes, by default, are created with access
to the world.  Since the system administrator will have to change the
ACL in order to use the volume, it seems reasonable to only allow
access to the group of people who can change the ACL to whatever they
want and not create potential security holes for sites who don't clear
the ACL when they create a new volume.

The correct way to fix this is to provide some mechanism where the
default ACL on a newly-created volume is configurable, either on the
vos command line or via environment variables.  Because of the amount
of work involved in this solution and the priorities for other fixes,
we were not able to implement such a mechanism in AFS 3.1.  We decided
to change the default ACL in order to partially address the problems
listed above.

Liz Hines
Product Support Manager, File Systems
Transarc Corporation
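
An added audit example, not part of the original message or of AFS itself: it parses text in the layout printed by `fs listacl` and reports directories whose ACL still grants rights to system:anyuser, the situation the message describes for sites that do not clear the old default. The paths and listing are constructed, and the output layout is an assumption to check against the site's own `fs` version.

```python
import re

# Constructed sample in the layout assumed for `fs listacl` output; paths are made up.
SAMPLE = """\
Access list for /afs/example.com/proj/new1 is
Normal rights:
  system:anyuser rl
Access list for /afs/example.com/proj/new2 is
Normal rights:
  system:administrators rlidwka
Access list for /afs/example.com/proj/new3 is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
Negative rights:
  system:anyuser rl
"""

HEADER = re.compile(r"^Access list for (.+) is$")

def parse_listacl(text):
    """Return {path: {"normal": {name: rights}, "negative": {name: rights}}}."""
    acls, current, section = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = acls.setdefault(m.group(1), {"normal": {}, "negative": {}})
            section = None
        elif line in ("Normal rights:", "Negative rights:"):
            section = line.split()[0].lower()
        elif current is not None and section and len(line.split()) == 2:
            name, rights = line.split()
            current[section][name] = set(rights)
    return acls

def world_access(acls, principal="system:anyuser"):
    """Map path -> rights the ACL gives `principal` after negative rights are removed."""
    findings = {}
    for path, acl in acls.items():
        effective = acl["normal"].get(principal, set()) - acl["negative"].get(principal, set())
        if effective:
            findings[path] = "".join(sorted(effective))
    return findings

if __name__ == "__main__":
    for path, rights in world_access(parse_listacl(SAMPLE)).items():
        print(f"{path}: system:anyuser {rights}")
```

Here new1 carries the old default, new2 the new default ("all" is shown by its rights letters), and new3 is not reported because its negative rights cancel the system:anyuser entry.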


