From mboxrd@z Thu Jan 1 00:00:00 1970 From: Trond Myklebust Subject: Re: [PATCH] PAG support, try #2 Date: 18 May 2003 16:51:27 +0200 Sender: openafs-devel-admin@openafs.org Message-ID: References: <19800.1052933820@warthog.warthog> <20030515131825.G672@nightmaster.csn.tu-chemnitz.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: David Howells , Linus Torvalds , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, openafs-devel@openafs.org Return-path: To: Ingo Oeser In-Reply-To: <20030515131825.G672@nightmaster.csn.tu-chemnitz.de> Errors-To: openafs-devel-admin@openafs.org List-Help: List-Post: List-Subscribe: , List-Unsubscribe: , List-Archive: List-Id: linux-fsdevel.vger.kernel.org >>>>> " " == Ingo Oeser writes: > On Wed, May 14, 2003 at 06:37:00PM +0100, David Howells wrote: >> And then you have to have some method of prioritisation. You >> may find that user dhowells has a token for >> (fs=AFS,cell=redhat.com) and group engineering has a token for >> (fs=AFS,cell=redhat.com). Which do you use? > Union of both. And remember to subtract negative ACLs from > positive ACLs. Prioritize users over groups in case of explicit > mention. > This is standard permission checking. > Hmm, sounds too simple, so it must be wrong ;-) Quite. Now that you've done the math, please explain how this should be implemented efficiently. These are *networked* filesystems... Cheers, Trond