I would like to make a couple of additions to the proposed model.
Permission Sets.
Allow the administrator to define a named set of permissions, and then
use the name as a permission later on. Permission sets would be
evaluated dynamically, so that changing the set definition would cha
Darren J Moffat wrote:
Mark Shellenbaum wrote:
Darren J Moffat wrote:
Bill La Forge wrote:
I like to think of delegation as being a bit different than granting
permision--in fact, as a special permission that may include counts.
For example, you might delegate to a manager the ability to gra
Mark Shellenbaum wrote:
Darren J Moffat wrote:
Bill La Forge wrote:
I like to think of delegation as being a bit different than granting
permision--in fact, as a special permission that may include counts.
For example, you might delegate to a manager the ability to grant
select permissions.
On 7/18/06, Mark Shellenbaum <[EMAIL PROTECTED]> wrote:
Darren J Moffat wrote:
> Bill La Forge wrote:
>> I like to think of delegation as being a bit different than granting
>> permision--in fact, as a special permission that may include counts.
>>
>> For example, you might delegate to a manager
Darren J Moffat wrote:
Bill La Forge wrote:
I like to think of delegation as being a bit different than granting
permision--in fact, as a special permission that may include counts.
For example, you might delegate to a manager the ability to grant
select permissions. You may want to limit the
Bill La Forge wrote:
I like to think of delegation as being a bit different than granting
permision--in fact, as a special permission that may include counts.
For example, you might delegate to a manager the ability to grant select
permissions. You may want to limit the number of users the man
Darren Reed wrote:
Then make the removal operation another arg to "allow".
Or better yet, use a pair of words where you're not tempted to use bad
English, such as "grant" and "revoke",
or just use "revoke" anyway?
Grant matches what we do with authorisations in RBAC.
You grant a user an aut
I like to think of delegation as being a bit different than granting
permision--in fact, as a special permission that may include counts.
For example, you might delegate to a manager the ability to grant
select permissions. You may want to limit the number of users the
manager may grant these
Jeff Bonwick wrote:
PERMISSION GRANTING
zfs allow [-l] [-d] <"everyone"|user|group> [,...] \
...
zfs unallow [-r] [-l] [-d]
If we're going to use English words, it should be "allow" and "disallow".
The problem with 'disallow' is that it implies precluding a behavior
that wo
Jeff Bonwick wrote:
PERMISSION GRANTING
zfs allow [-l] [-d] <"everyone"|user|group> [,...] \
...
zfs unallow [-r] [-l] [-d]
If we're going to use English words, it should be "allow" and "disallow".
The problem with 'disallow' is that it implies precluding a beha
> >PERMISSION GRANTING
> >
> > zfs allow [-l] [-d] <"everyone"|user|group> [,...] \
> >...
> > zfs unallow [-r] [-l] [-d]
> >
>
> If we're going to use English words, it should be "allow" and "disallow".
The problem with 'disallow' is that it implies precluding a behavior
that would no
Mark Shellenbaum wrote:
Glenn Skinner wrote:
The following is a nit-level comment, so I've directed it onl;y to you,
rather than to the entire list.
Date: Mon, 17 Jul 2006 09:57:35 -0600
From: Mark Shellenbaum <[EMAIL PROTECTED]>
Subject: [zfs-discuss] Proposal
Mark Shellenbaum wrote:
The following is the delegated admin model that Matt and I have been
working on. At this point we are ready for your feedback on the
proposed model.
-Mark
PERMISSION GRANTING
zfs a
James Dickens wrote:
On 7/17/06, Mark Shellenbaum <[EMAIL PROTECTED]> wrote:
The following is the delegated admin model that Matt and I have been
working on. At this point we are ready for your feedback on the
proposed model.
-Mark
PERMISSION GRANTING
zfs allow [-l] [-d] <"ever
Glenn Skinner wrote:
The following is a nit-level comment, so I've directed it onl;y to you,
rather than to the entire list.
Date: Mon, 17 Jul 2006 09:57:35 -0600
From: Mark Shellenbaum <[EMAIL PROTECTED]>
Subject: [zfs-discuss] Proposal: delegated administration
Th
On 7/17/06, Mark Shellenbaum <[EMAIL PROTECTED]> wrote:
The following is the delegated admin model that Matt and I have been
working on. At this point we are ready for your feedback on the
proposed model.
-Mark
PERMISSION GRANTING
zfs allow [-l] [-d] <"everyone"|user|group> [,..
On Mon, Jul 17, 2006 at 10:11:35AM -0700, Matthew Ahrens wrote:
> > I want root to create a new filesystem for a new user under
> > the /export/home filesystem, but then have that user get the
> > right privs via inheritance rather than requiring root to run
> > a set of zfs commands.
>
> In that
Bart Smaalders wrote:
Matthew Ahrens wrote:
On Mon, Jul 17, 2006 at 10:00:44AM -0700, Bart Smaalders wrote:
So as administrator what do I need to do to set
/export/home up for users to be able to create their own
snapshots, create dependent filesystems (but still mounted
underneath their /expor
Matthew Ahrens wrote:
On Mon, Jul 17, 2006 at 10:00:44AM -0700, Bart Smaalders wrote:
So as administrator what do I need to do to set
/export/home up for users to be able to create their own
snapshots, create dependent filesystems (but still mounted
underneath their /export/home/usrname)?
In ot
On Mon, Jul 17, 2006 at 10:00:44AM -0700, Bart Smaalders wrote:
> >>So as administrator what do I need to do to set
> >>/export/home up for users to be able to create their own
> >>snapshots, create dependent filesystems (but still mounted
> >>underneath their /export/home/usrname)?
> >>
> >>In oth
Bart Smaalders wrote:
Matthew Ahrens wrote:
On Mon, Jul 17, 2006 at 09:44:28AM -0700, Bart Smaalders wrote:
Mark Shellenbaum wrote:
PERMISSION GRANTING
zfs allow -c [,...]
-c "Create" means that the permission will be granted (Locally) to the
creator on any newly-created descendant file
Matthew Ahrens wrote:
On Mon, Jul 17, 2006 at 09:44:28AM -0700, Bart Smaalders wrote:
Mark Shellenbaum wrote:
PERMISSION GRANTING
zfs allow -c [,...]
-c "Create" means that the permission will be granted (Locally) to the
creator on any newly-created descendant filesystems.
ALLOW EXA
On Mon, Jul 17, 2006 at 09:44:28AM -0700, Bart Smaalders wrote:
> Mark Shellenbaum wrote:
> >PERMISSION GRANTING
> >
> > zfs allow -c [,...]
> >
> >-c "Create" means that the permission will be granted (Locally) to the
> >creator on any newly-created descendant filesystems.
> >
> >ALLOW EXAMPL
Mark Shellenbaum wrote:
The following is the delegated admin model that Matt and I have been
working on. At this point we are ready for your feedback on the
proposed model.
Overall this looks really good.
I might have some detailed comments after a third reading, but I think
it certainly co
Mark Shellenbaum wrote:
The following is the delegated admin model that Matt and I have been
working on. At this point we are ready for your feedback on the
proposed model.
-Mark
PERMISSION GRANTING
zfs al
The following is the delegated admin model that Matt and I have been
working on. At this point we are ready for your feedback on the
proposed model.
-Mark
PERMISSION GRANTING
zfs allow [-l] [-d] <"everyone"|user|group> [,...] \
zfs allow [-l] [-d] -u [,..
26 matches
Mail list logo
