[4879] in arla-drinkers
Methods of Restricting AFS3 ACL rights
daemon@ATHENA.MIT.EDU (Andrew Deason)
Wed Jan 13 12:26:56 2010
Date: Wed, 13 Jan 2010 11:17:32 -0600
From: Andrew Deason <adeason@sinenomine.net>
To: openafs-devel@openafs.org, openafs-info@openafs.org,
afs3-standardization@openafs.org, arla-drinkers@stacken.kth.se
Subject: Methods of Restricting AFS3 ACL rights
Message-Id: <20100113111732.cd891f77.adeason@sinenomine.net>
Organization: Sine Nomine Associates

To all AFS users and administrators,

Recently, the OpenAFS community has been discussing potential methods
of restricting ACL modifications. In other words, possible ways of
preventing just any user with 'a' rights from granting 'rlidwka'
rights to system:anyuser, if the administrator wants to prevent it.

Since the way we go about doing this is potentially very visible to
both AFS administrators and users, we are asking any interested
parties from the wider AFS community to voice their opinions. The
explanation for the various methods now exists as an Internet Draft,
and can be found here:

<http://www.ietf.org/id/draft-deason-afs3-acl-restrictions-00.txt>
<http://tools.ietf.org/html/draft-deason-afs3-acl-restrictions-00>

This is just to explore the options and get feedback. We would
appreciate it if you let us know of any problems or concerns you may
have with the described approaches, or if you support the ideas (even if it's
just "I want this feature but don't have time to read the document").

We are aiming to start work on standardizing the mechanisms for actually
implementing one of these methods in early February at the latest, so
please try to express feedback by then, if you can.
--
Andrew Deason
adeason@sinenomine.net