> And, if you protect the toplevel, you're safe from the
> drill-down problem.
Well, true, and not true. Actually every volumes top level directory
ACL has to be protected. For instance I can get a list of all volumes
in the transarc.com cell (or northstar.dartmouth.edu, etc.), mount each volume,
then see if I can access that mount point and see how far I can go. So the
drill-down problem is true for users who are traversing down web directories
or ftp sites. But users with access to AFS client machines can mount any
volume from virtually any cell.
How interesting; I hadn't thought of that. OTOH, we've always had _that_
problem - what's different now? The web doesn't really give you anything
other than cell names, which you can presumably find from any AFS client
machine you can mount volumes from...
--paw
- Black Book of AFS article and other concerns Jim Barlow
- Re: Black Book of AFS article and other concerns Pat Wilson
- Re: Black Book of AFS article and other concerns Jim Barlow
- Re: Black Book of AFS article and other conc... Esther Filderman
- Re: Black Book of AFS article and other concerns Jim McKinney
- Re: Black Book of AFS article and other concerns Russ Allbery
- Re: Black Book of AFS article and other concerns Paul Blackburn
- Re: Black Book of AFS article and other concerns paw
- Re: Black Book of AFS article and other concerns Nathan Rawling
- Re: Black Book of AFS article and other concerns Esther Filderman
- Re: Black Book of AFS article and other conc... Andy Glew
- Re: Black Book of AFS article and other ... RL 'Bob' Morgan
- Re: Black Book of AFS article and o... Esther Filderman
- Re: Black Book of AFS article and other concerns paw
