James Barlow sez:
> Well, true, and not true. Actually every volumes top level directory
> ACL has to be protected. For instance I can get a list of all volumes
> in the transarc.com cell (or northstar.dartmouth.edu, etc.), mount each volume,
> then see if I can access that mount point and see how far I can go. So the
> drill-down problem is true for users who are traversing down web directories
> or ftp sites. But users with access to AFS client machines can mount any
> volume from virtually any cell.
Agreed, and I think we need to remember that we (and more likely) our users are
likely to forget that AFS protections do not inherit.
I smell a bunch of reminder messages going out soon ... :)
e.
----------------------------------------------------------------
[EMAIL PROTECTED] Esther Filderman [EMAIL PROTECTED]
Senior System Mangler, News & AFS Dominatrix
Pittsburgh Supercomputing Center
