In my view, Coda needs a lot of work. The documents need to be brought up to date and expanded, especially to explain things clearly to ordinary users.
Some short-term suggestions: I think kclog and kauth2 should be modified to allow you to specify a token's lifetime, anywhere from minutes to months. Also I think cfs should have a 'copyacl' subcommand to ease restoring from backups and for other purposes.
A more complicated suggestion, and one that is not so easy to implement: I would like to see the protection and volume databases, as well as the backup database, controlled by a server rather like AFS's ptserver, vlserver, and buserver. This would allow users and administrators to do things on Coda clients using a cfs-like interface to each database, and with permissions given according to a user's Coda tokens. This would solve both my problem with group management, and my problem with forcing the system administrator to log into the SCM or some other special machine as root.
I'd also like to see the dangerous subcommands of cfs controlled either in this way or by their being moved to another utility which root alone can run. Also I wonder whether Coda should implement something like AFS's Program Authentication Groups, particularly since the supporting code can probably be taken from KTH's Kerberos implementations.
Finally, I wonder whether Coda's success as high-availability software is impaired by the dependence of a cell on a single System Control Machine. Of course, my understanding may simply be faulty. AFS has an elaborate system in which candidate machines vote and elect a controlling machine at regular intervals. Granted, in AFS the system doesn't always work perfectly, but surely this can be managed? Shouldn't there be some way to change the SCM automatically, without manual intervention?