Coda File System

design, beyond AFS - more?

From: Ivan Popov <pin_at_math.chalmers.se>
Date: Wed, 23 Oct 2002 16:51:59 +0200 (MET DST)
Hello,

thinking of smooth ways to let a group of people create volumes
without distributing a "Coda super user" password.

One way is of course login-authorization on scm, letting people run
scripts as super-user (e.g. via sudo) and thoroughly checking their input
and arguments, with a homegrown "acls" implemented at different levels.

Nothing I would like to set up and rely on.

Now when we can (and should imho) put the volume name information into
the filesystem
["cfs mkm <path>" creates a mountpoint for the volume named "<path>"]

we might want to put even more volume-related information there and use
the Coda acls for authorization? The acls can lie in dedicated volumes,
maintainable by the Coda superuser only...

[xyz below is a placeholder for future realm name, in the traditional coda
it is an empty string]

<DREAM>
$ cfs la /coda/xyz/this_realm_servers/serv1.doma.in/vicepa
    <me> lrw    [may mean "delete and create volumes",
                 file creation operations should be not allowed,
                 then no extra magic is needed to expose this info]

$ cfs la /coda/xyz/this_realm_servers/serv2.doma.in/vicepa
    <me> l

$ cfs la /coda/xyz/this_realm_servers/serv2.doma.in/vicepb
    <me> lw     [may mean "create volumes"]

$ cfs la /coda/xyz/a
    <me> rlidwka
    <something>

$ cfs mkvolume /coda/xyz/a/b serv1.doma.in/vicepa serv2.doma.in/vicepb

$ cfs mkm /coda/xyz/a/b

$ cfa la /coda/xyz/a/b
    <inherited-from-/coda/xyz/a>

[and may be even]
$ ls /coda/xyz/this_realm_servers/serv2.doma.in/vicepa
 <volume list>

</DREAM>

Thanks for Coda, it is a great software!
--
Ivan
Received on 2002-10-23 10:57:46