Coda File System

access rights on newly created volumes

From: <u+codalist-p4pg_at_chalmers.se>
Date: Wed, 19 Apr 2006 14:07:44 +0200
Hello the good Coda team,

is it possible to specify initial access rights to the root
directory of a newly created volume?

I need a method to give away new volumes without running on a client
as a member of System:Administrators group.
That group is far too powerful.

It seems natural to specify an account or group responsible for a volume
at its creation on a server.

Another issue is that mere mortals (^ System:Administrators)
can have problem creating mount points - that seems to be a privileged
operation. In my opinion it does not have to. An evil user can
always set up a realm on his own and mount any volume of yours
anywhere inside his own realm.

To keep users from creating random mountpoints is of course a Good Thing (tm)
so it might be possibly acl-controlled, say reusing the 'k' right?

A simpler and possibly sufficient approach would be to allow users
create "simple" mountpoints only, that is mount only volumes with names
exactly matching the mountpoints paths.

With the suggested changes it will be possible to automate
volume creation, in many practical situations.

Regards,
--
Rune
Received on 2006-04-19 08:08:49