[linux-elitists] network filesystem (not Samba nor NFS)

Academician Kula tkula@io.com
Wed Jun 16 08:40:58 PDT 2004


On Wed, Jun 16, 2004 at 10:58:55AM -0400, Etienne Goyer wrote:
> Academician Kula wrote:
> >Kerberos; it has a nice access control model (more advanced than
> >the standard user, group and world). 
> 
> Does it conform to POSIX ACL, or is it some other semantic ?

Based on my brief glance of the 'POSIX' ACL stuff, it looks somewhat
similar. I'll just explain the AFS ACL mechanism briefly and let you
decide: AFS acls apply only to directories. You can have (currently)
up to 20 entries in a directory acl, and those entries can be either
users or lists of users. Lists have nothing to do with the standard
unix groups and won't know anything about them unless you shove them
into AFS in some manner. The permissions are:

 l - list files in this directory and see the directory acl (you need
     at least l permission to see into a directory or any directory
     below it)
 r - read files in directory
 w - write files in directory
 i - create new files in directory
 d - delete files from directory
 k - flock files in directory
 a - administer acl of directory

You can get all of the gory details at 
http://www.openafs.org/doc/index.htm. Ignore the fact that it talks
about the Transarc AFS product; those documents are what was
released when IBM opened up the AFS source and still reflect 
(mostly) reality for OpenAFS.

-- 
Thomas L. Kula | tkula@io.com | http://www.madscientistresearch.net
Mathom House upon the Canw, The People's Republic of Ames
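
The directory ACL model described in the message above, as an added example that is not part of the original post and is not OpenAFS code. It is a simplified model: the user names, list names and directory tree are constructed, and it assumes that the rights from every entry matching a user (directly or through a list) add up.

```python
from pathlib import PurePosixPath

RIGHTS = set("lrwidka")   # the seven permission letters from the message
MAX_ENTRIES = 20          # per-directory entry limit quoted in the message

class DirACL:
    """ACL attached to one directory; files have no ACL of their own."""
    def __init__(self, entries=None):
        self.entries = {}                      # user or list name -> set of rights
        for name, rights in (entries or {}).items():
            self.set_entry(name, rights)

    def set_entry(self, name, rights):
        if not set(rights) <= RIGHTS:
            raise ValueError(f"unknown right in {rights!r}")
        if name not in self.entries and len(self.entries) >= MAX_ENTRIES:
            raise ValueError("directory ACL is full")
        self.entries[name] = set(rights)

def effective(acl, user, lists):
    """Rights a user holds on one directory (assumption: matching entries add up)."""
    rights = set()
    for name, granted in acl.entries.items():
        if name == user or user in lists.get(name, ()):
            rights |= granted
    return rights

def allowed(tree, lists, user, directory, right):
    """Check `right` in `directory`; 'l' is required on it and on every parent."""
    target = PurePosixPath(directory)
    for d in (target, *target.parents):
        acl = tree.get(str(d))
        if acl is None or "l" not in effective(acl, user, lists):
            return False
    return right in effective(tree[str(target)], user, lists)

# Constructed sample data: lists are AFS-side, unrelated to Unix groups.
lists = {"everyone": {"alice", "bob", "carol"}, "docteam": {"alice"}}
tree = {
    "/": DirACL({"everyone": "l"}),
    "/proj": DirACL({"docteam": "rl", "bob": "l"}),
    "/proj/docs": DirACL({"docteam": "rli", "bob": "rlw", "carol": "rw"}),
}

if __name__ == "__main__":
    for user, right in [("alice", "i"), ("alice", "w"), ("bob", "w"), ("carol", "r")]:
        print(user, right, allowed(tree, lists, user, "/proj/docs", right))
```

Two results are worth checking when auditing such ACLs: alice can create files in /proj/docs but not write them (i without w), and carol's rw entry on /proj/docs is unusable because she lacks l on /proj.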


