Coda File System

acl "transitivity"

From: <u+codalist-wk5r_at_chalmers.se>
Date: Tue, 26 Jan 2010 09:42:07 +0100

Hello Don,

> > See the wiki for limitations.

 http://coda.wikidev.net/Limitations

> a *nix filesystem, I would simply chmod the directory 711 with directory 
> contents 644/755 (file/dir) -- contents of directory are globally 
> accessible, so long as one knows the name. 

I see, you do not want the names to be visible.
There is an ACL 'l' flag for directory readability.

--------------------------------------------------------------------

A few gory details on ACLs in general: limiting access to some
directory does not necessarily limit access to all paths under that
directory, as somebody else can mount volumes in an arbitrary tree and
thus bypass some parts of paths. In that sense volume root directories
are special.

On the other hand, you should not assume that protecting a volume root
directory protects all data in that volume. There may be ways to access
other objects in the volume given some extra information and given a
suitable ACL on _that_ object['s directory]. So it is better not to assume
transitivity of the ACLs even inside a single volume. If curious, see a
recent discussion on the openafs-devel list.

Regards,
Rune
Received on 2010-01-26 03:43:45
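
An added illustration (not part of the message above and not Coda code): a small Python model of per-directory ACLs that flags directories whose own ACL grants lookup and read to a principal that an ancestor directory shuts out, i.e. places where protection rests on the transitivity the message says not to assume. The paths, principals and the flat ACL model (no groups, no negative rights) are assumptions made for the example.

```python
# Simplified model for auditing: every directory has its own ACL and is
# judged on that ACL alone. Paths, principals and rights are constructed.
SAMPLE_ACLS = {
    "/coda/example.org/proj": {"alice": "rlidwka"},
    "/coda/example.org/proj/private": {"alice": "rlidwka",
                                       "System:AnyUser": "rl"},
    "/coda/example.org/proj/private/keys": {"alice": "rlidwka"},
    "/coda/example.org/proj/docs": {"alice": "rlidwka", "bob": "rl"},
}


def ancestors(path, known):
    """Yield the ancestors of `path` that have an ACL entry, nearest first."""
    parts = path.strip("/").split("/")
    for i in range(len(parts) - 1, 0, -1):
        candidate = "/" + "/".join(parts[:i])
        if candidate in known:
            yield candidate


def relies_on_ancestor(acls, needed="rl"):
    """Return (directory, principal, ancestor) triples where the directory's
    own ACL grants every right in `needed`, while an ancestor gives that
    principal no 'l' (lookup) right. Such a directory is closed only as
    long as the path through the ancestor is the sole way to reach it."""
    findings = []
    for path in sorted(acls):
        for principal, rights in sorted(acls[path].items()):
            if not set(needed) <= set(rights):
                continue
            for anc in ancestors(path, acls):
                if "l" not in acls[anc].get(principal, ""):
                    findings.append((path, principal, anc))
                    break  # report the nearest blocking ancestor only
    return findings


if __name__ == "__main__":
    for directory, principal, anc in relies_on_ancestor(SAMPLE_ACLS):
        print(f"{directory}: {principal} is held back only by the ACL on {anc}")
```

Each finding is a directory whose ACL should be tightened itself instead of being left to the parent.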