From f6c63bdb2be5ccc0c6133bf87025d37805579005 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Wed, 27 Mar 2013 12:51:46 -0700 Subject: Allow owners of objects to destroy them by default Owners of wallet objects are now allowed to destroy them. In previous versions, a special destroy ACL had to be set and the owner ACL wasn't used for destroy actions, but operational experience at Stanford has shown that letting owners destroy their own objects is a better model. Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f Reviewed-on: https://gerrit.stanford.edu/973 Reviewed-by: Russ Allbery Tested-by: Russ Allbery --- server/wallet-backend | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'server/wallet-backend') diff --git a/server/wallet-backend b/server/wallet-backend index 9d45982..fc3434e 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -335,7 +335,7 @@ __END__ =for stopwords wallet-backend backend backend-specific remctld ACL acl timestamp getacl setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery -autocreate +autocreate MERCHANTABILITY NONINFRINGEMENT sublicense =head1 NAME @@ -386,9 +386,9 @@ C and C, which use the C ACL, C, which uses the C ACL, and C, which uses the owner or C ACL depending on whether one is setting or retrieving the comment. If the appropriate ACL is set, it alone is checked to see if the user has access. -Otherwise, C, C, C, C, C, C, -and C access is permitted if the user is authorized by the owner -ACL of the object. +Otherwise, C, C, C, C, C, C, +C, and C access is permitted if the user is authorized +by the owner ACL of the object. Administrators can run any command on any object or ACL except for C and C. For C and C, they must still be authorized by -- cgit v1.2.3