[HCoop-Discuss] share domain control between two accounts

[Adam Chlipala]

docelic wrote:
> Yes, you can give them access only to a subdomain, that is 
> supported in Domtool.
>
> If they are applying for an account, no need for them to have
> to browse your home directory to reach their subdomain files;
> just let them file the subdomain.zentus.com request and keep files
> in their directory, to which you may be given write access for
> convenience.
>   

Just to make sure it's perfectly clear: Domtool has separate ACLs from 
AFS ACLs.  Any number of users can have permissions to configure a 
domain, and this is mostly separate from where folks might store their 
domain configuration files.  The important exception is when we need to 
reload all configuration for some reason, at which time we look only in 
members' ~/.domtool directories.  This means that any "production" 
configuration should live in someone's ~/.domtool directory.

If you have a trusting relationship with the user you are collaborating 
with, one of you can grant the other write access to his whole 
~/.domtool directory.  You can't set file-level permissions with AFS, 
and Domtool doesn't traverse ~/.domtool subdirectories yet, so this is 
your only option as Domtool is implemented today.  I can improve it as 
needed to cope with new situations like yours, though.