From 9297cac918db53e127fc1eb3dcd94a8359db7c2c Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 29 Jan 2007 19:33:40 +0000 Subject: [PATCH 1/1] DEVEL15-document-fs-setacl-permissions-20070129 Better document the current state of implicit "a" rights on directories. (cherry picked from commit 3960a5ff1cfef0c3f6adfe6cf602b8c80078ce7d) --- doc/man-pages/pod1/fs_setacl.pod | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/man-pages/pod1/fs_setacl.pod b/doc/man-pages/pod1/fs_setacl.pod index a6e9cdb..ec43702 100644 --- a/doc/man-pages/pod1/fs_setacl.pod +++ b/doc/man-pages/pod1/fs_setacl.pod @@ -263,8 +263,16 @@ and its F subdirectory). =head1 PRIVILEGE REQUIRED The issuer must have the C (administer) permission on the directory's -ACL; the directory's owner and the members of the system:administrators -group have the right implicitly, even if it does not appear on the ACL. +ACL, a member of the system:administrators group, or, as a special case, +must be the UID owner of the top-level directory of the volume containing +this directory. The last provision allows the UID owner of a volume to +repair accidental ACL errors without requiring intervention by a member of +system:administrators. + +Earlier versions of OpenAFS also extended implicit administer permission +to the owner of any directory. In current versions of OpenAFS, only the +owner of the top-level directory of the volume has this special +permission. =head1 SEE ALSO -- 1.9.4