Hello,

I've got some more insight into access control issue by reading an AFS2
paper (thanks Satya!) and testing Coda behaviour. As I missed these
details for several years :) I think it is useful to summarize here.

A positive discovery (Jan opened my eyes) was that Coda has some access
control on file level, besides the directory-bound acls. The "owner"
access bits are actually used, not only stored and retrieved. These bits
effectively mask the read and write rights on file-by-file level.

The negative side is that this access control is implemented independently
and with different semantics than the main acl-based one.

 - it is enforced by venus on client side, hence does not protect against
malicious clients, on a global filesystem it just creates a false feeling
of safety

 ==> is it hard to let the *server* to respect the r- and w- access bits?

 - the right to change the bits by chmod() for some reason is bound to "w"
privilege in acls, not to "a" as would seem logical

 ==> what is that reason?

Note also that though the bits used are the unix "file owner" ones, their
function has nothing to do with who is the "file owner".
If a bit is set, it does not influence the rights granted by acls.
If a bit is unset, it prevents the corresponding access for *all*.

Best regards,
--
Ivan