[711] in Info-AFS_Redistribution

home help back first fref pref prev next nref lref last post

groups of groups

daemon@ATHENA.MIT.EDU (Lyle_Seaman@transarc.com)
Thu Apr 9 12:31:49 1992

Date: Thu,  9 Apr 1992 09:54:24 -0400 (EDT)
From: Lyle_Seaman@transarc.com
To: Info-AFS@transarc.com
Cc: ccprl@xdm001.ccc.cranfield.ac.uk,
In-Reply-To: <9204090941.AA04383@xdm001>

"Peter Lister, Cranfield Computer Centre" <ccprl@xdm001.ccc.cranfield.ac\ writes:
> What we should be able to do is set ACLs for package1:users ONLY, and do the
> rest with pts. Before the class:
> 
> pts addmember -group package1:user -member student:group1 student:group2 \
>    project:group3
> pts removemember -group package1:user -member system:anyuser
> 
> After the class:
> 
> pts addmember -group package1:users -member system:anyuser
> 
> group1 group2 and group3 are groups maintained by or on behalf of another
> department, or student registry. They are almost certainly NOT maintained by
> the package support staff.
> ------------------------------------------------------------------------

Not to deny the user interface issues but:

There are cache consistency problems with such a scheme.  As it
currently stands, a change to an ACL will break callbacks to all
clients to have the file cached.  Subsequent references will be
governed by the new access information.  A change to a group does not
affect accesses by users who already have tokens (until the tokens
expire, or the user klogs again).

Lyle		Transarc		707 Grant Street
412 338 4474	The Gulf Tower		Pittsburgh 15219

home help back first fref pref prev next nref lref last post