(Illustration by Gaich Muramatsu)
On Thu, May 05, 2016 at 02:09:36PM -0400, Jan Harkes wrote: > when creating a new volume' setting. It is actually hard to do this > right at the createvol_rep scripting level because setting acls requires > access to the volume through /coda, but right after creation the volume > isn't mounted anywhere, and the VRDB/VLDB databases may not even be > synced to all servers yet so even if we force a temporary mount the > mountpoint may not resolve right away. Aw, now I remember why we used to need the System:AnyUser ACL on the root of a new volume. Before realms, the /coda mountpoint would be the root directory of the first created volume. But to authenticate we clog needed access to /coda/.CONTROL, which was not possible without AnyUser access for unauthenticated users. So there was a bootstrapping chicken and egg issue when we didn't set that ACL by default. But because of realms, we don't have to care anymore because /coda is a directory invented by venus to show realm mountpoints that will allow access even to unauthenticated users. So we can safely remove the System:AnyUser default acl when creating a new volume root because the admin can always set it when he creates the new mount point. JanReceived on 2016-05-05 14:16:30