> I'm not sure if I'm misunderstanding you or Adam... because, yes it does > mean that. You can access files in foo/bar/ if you have the rights on > foo/bar/; the rights on foo/ do not come into play. Right?
Also remember that foo/bar/ *could* be a different volume than foo/ (not in the example, but generically), and that volume may be mounted in many other locations, with different path permissions (or .../bar/ split into another volume at some future point to manage space, allowing others to mount it via different paths/permissions). For "planning" purposes, plan that only the ACLs on the lowest level matter. Do not depend on path ACLs to enforce policy. (This thread brings back memories of the "access by inode" issue that some unix variants have offered, and the path permissions discussions.) _______________________________________________ AFS3-standardization mailing list [email protected] http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
