Hello,

thinking of smooth ways to let a group of people create volumes without distributing a "Coda super user" password.

One way is of course login-authorization on scm, letting people run scripts as super-user (e.g. via sudo) and thoroughly checking their input and arguments, with homegrown "acls" implemented at different levels. Nothing I would like to set up and rely on.

Now when we can (and should imho) put the volume name information into the filesystem ["cfs mkm <path>" creates a mountpoint for the volume named "<path>"] we might want to put even more volume-related information there and use the Coda acls for authorization? The acls can lie in dedicated volumes, maintainable by the Coda superuser only...

[xyz below is a placeholder for future realm name, in the traditional coda it is an empty string]

<DREAM>
$ cfs la /coda/xyz/this_realm_servers/serv1.doma.in/vicepa
<me> lrw
[may mean "delete and create volumes", file creation operations should not be allowed, then no extra magic is needed to expose this info]
$ cfs la /coda/xyz/this_realm_servers/serv2.doma.in/vicepa
<me> l
$ cfs la /coda/xyz/this_realm_servers/serv2.doma.in/vicepb
<me> lw
[may mean "create volumes"]
$ cfs la /coda/xyz/a
<me> rlidwka <something>
$ cfs mkvolume /coda/xyz/a/b serv1.doma.in/vicepa serv2.doma.in/vicepb
$ cfs mkm /coda/xyz/a/b
$ cfs la /coda/xyz/a/b
<inherited-from-/coda/xyz/a>
[and maybe even]
$ ls /coda/xyz/this_realm_servers/serv2.doma.in/vicepa
<volume list>
</DREAM>

Thanks for Coda, it is great software!
--
Ivan

Received on 2002-10-23 10:57:46
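The authorization decision sketched in the message above, as an added example that is not part of the original post and is not Coda code. It models the post's hypothetical "cfs mkvolume" request against the ACL values from the <DREAM> listing. Assumptions: "r" is read as the delete right, mounting needs "l" and "i" on the parent directory, and all function and variable names are invented here.

```python
# Added illustration of the proposed scheme; hypothetical names throughout.
# ACL values are the constructed ones from the post's <DREAM> listing.
SERVERS = "/coda/xyz/this_realm_servers"
ACLS = {
    f"{SERVERS}/serv1.doma.in/vicepa": {"me": "lrw"},
    f"{SERVERS}/serv2.doma.in/vicepa": {"me": "l"},
    f"{SERVERS}/serv2.doma.in/vicepb": {"me": "lw"},
    "/coda/xyz/a": {"me": "rlidwka"},
}
# The post says "lw" may mean create and "lrw" delete and create;
# treating "r" as the delete right is an assumption.
PARTITION_RIGHTS = {"create": set("lw"), "delete": set("lrw")}
# Assumption: mounting the new volume needs lookup + insert on the parent.
PARENT_RIGHTS = set("li")

def rights(user, path):
    """Rights held on path; unknown paths or users get none (fail closed)."""
    return set(ACLS.get(path, {}).get(user, ""))

def check_partitions(user, op, partitions):
    """Return the reasons (empty if allowed) to refuse op on the partitions."""
    reasons = [] if partitions else ["no partitions given"]
    for part in partitions:
        # Reject path tricks before the argument becomes a lookup key.
        if part.startswith("/") or ".." in part.split("/"):
            reasons.append(f"{part}: invalid partition name")
            continue
        missing = PARTITION_RIGHTS[op] - rights(user, f"{SERVERS}/{part}")
        if missing:
            reasons.append(f"{part}: missing {''.join(sorted(missing))}")
    return reasons

def may_mkvolume(user, mountpoint, partitions):
    """Decide 'cfs mkvolume <mountpoint> <server/partition>...'.

    Every replica partition must grant the create rights, so one
    permissive server cannot authorize volume creation on the others.
    """
    parent = mountpoint.rsplit("/", 1)[0]
    reasons = []
    missing = PARENT_RIGHTS - rights(user, parent)
    if missing:
        reasons.append(f"{parent}: missing {''.join(sorted(missing))}")
    reasons += check_partitions(user, "create", partitions)
    return (not reasons, reasons)
```
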