Coda File System

design, beyond AFS - more?

From: Ivan Popov <>
Date: Wed, 23 Oct 2002 16:51:59 +0200 (MET DST)

Thinking of smooth ways to let a group of people create volumes
without distributing a "Coda super user" password.

One way is of course login-authorization on the SCM, letting people run
scripts as super-user (e.g. via sudo) and thoroughly checking their input
and arguments, with a homegrown "acls" implemented at different levels.

Nothing I would like to set up and rely on.

Now that we can (and should, imho) put the volume name information into
the filesystem
["cfs mkm <path>" creates a mountpoint for the volume named "<path>"]

we might want to put even more volume-related information there and use
the Coda acls for authorization? The acls can lie in dedicated volumes,
maintainable by the Coda superuser only...

[xyz below is a placeholder for the future realm name; in traditional Coda
it is an empty string]

$ cfs la /coda/xyz/this_realm_servers/
    <me> lrw    [may mean "delete and create volumes",
                 file creation operations should not be allowed,
                 then no extra magic is needed to expose this info]

$ cfs la /coda/xyz/this_realm_servers/
    <me> l

$ cfs la /coda/xyz/this_realm_servers/
    <me> lw     [may mean "create volumes"]

$ cfs la /coda/xyz/a
    <me> rlidwka

$ cfs mkvolume /coda/xyz/a/b

$ cfs mkm /coda/xyz/a/b

$ cfs la /coda/xyz/a/b

[and maybe even]
$ ls /coda/xyz/this_realm_servers/
 <volume list>


Thanks for Coda, it is great software!
Received on 2002-10-23 10:57:46
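
The authorization idea in the message above, modelled as an added example (not part of the original post and not Coda code): volume operations are decided solely from the Coda ACL on the per-server directory, and anything not granted is denied. The rights-to-operation mapping follows the message's tentative "l" / "lw" / "lrw" reading; the function names, the `voladmins` group, the sample ACLs and the rule that mounting needs insert (i) on the parent directory are assumptions.

```python
# Added illustration, not Coda code: a deny-by-default model of the proposal.
CODA_RIGHTS = set("rlidwka")  # the seven Coda ACL rights letters

def parse_acl(listing):
    """Parse constructed '<principal> <rights>' lines into {principal: set}."""
    acl = {}
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2 or not set(fields[1]) <= CODA_RIGHTS:
            raise ValueError(f"malformed ACL line: {line!r}")
        acl.setdefault(fields[0], set()).update(fields[1])
    return acl

def effective_rights(acl, user, groups=()):
    """Union of the rights granted to the user and to each of the user's groups."""
    rights = set()
    for principal in (user, *groups):
        rights |= acl.get(principal, set())
    return rights

def volume_ops(rights):
    """Tentative mapping from the message: l = list, lw = create, lrw = delete."""
    ops = set()
    if "l" in rights:
        ops.add("list")
        if "w" in rights:
            ops.add("create")
            if "r" in rights:
                ops.add("delete")
    return ops

def authorize(op, user, groups, server_acl, parent_acl=None):
    """Decide a volume operation purely from ACLs; anything unknown is denied."""
    if op == "mount":
        # Assumption: "cfs mkm" adds a directory entry, so it needs insert (i)
        # on the parent directory (/coda/xyz/a in the message).
        return parent_acl is not None and "i" in effective_rights(parent_acl, user, groups)
    return op in volume_ops(effective_rights(server_acl, user, groups))

# Constructed sample ACLs; "voladmins" and "ivan" are hypothetical principals.
SERVER_ACL = parse_acl("System:Administrators lrw\nvoladmins lw\nSystem:AnyUser l\n")
PARENT_ACL = parse_acl("ivan rlidwka\n")
```
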