This is probably a subject that has been discussed many times before
so perhaps somebody already has a good answer to it.

The scenario is like this: an old user has all his files living in an
UFS filesystem which is NFS exported over the network. He likes to be
"public" with the things he does so he keeps an 002 umask so that
everybody may read his files but he also keeps a small number of
secret files in the top level of his home directory. Names of those
files might be .Xauthority, mbox etc.

The user still wants to be "public" when his files are moved to AFS so
he puts system:anyuser rl on the new home directory. But now he discovers
that everybody can read his mbox and he goes mad and calls me all kinds
of names. Then I suggest that he make a private directory where he might
keep his secret files and use symbolic links to put them in his top
directory. But very soon you realize that many programs unlink that
symlink when they update the file and now the file is public again.

One thing that could be used to solve this particular problem would be
to use the unix others rwx bits instead of the unix owner rwx bits
whenever a file is accessed by a user who is implicitly on a
particular list. Here implicitly means that the user has access right
because he is on the system:anyuser, system:authuser or on a
particular network.

Would many things start to break if this change is done?
Are there other simpler and cleaner solutions that are already used?
I believe that only minor changes to the fileserver and cachemanager
would be necessary to make this change, but I don't have access to the
sources so I really don't know.

Comments and experiences on this are very much welcome!

Cheers,
Bj|rn
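
The symlink problem described in the post, reproduced on a local filesystem as an added example (not part of the original message): a program that saves by writing a temporary file and renaming it replaces the symlink itself, so the file ends up in the top-level directory and under that directory's ACL. The function names, the `private` directory name and the file contents are assumptions constructed for the illustration; `audit_links` is one way to detect the condition.

```python
import os
import tempfile

def save_by_rename(path, data):
    """Update a file the way many programs do: write a temp file, rename it over the name."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(data)
    os.replace(tmp, path)  # replaces the symlink itself, not the file it points to

def audit_links(home, private_dir, names):
    """Return {name: status} for each name that should be a symlink into private_dir."""
    private_real = os.path.realpath(private_dir)
    report = {}
    for name in names:
        p = os.path.join(home, name)
        if not os.path.lexists(p):
            report[name] = "missing"
        elif not os.path.islink(p):
            report[name] = "exposed"  # regular file, now governed by the home directory ACL
        else:
            target = os.path.realpath(p)
            inside = os.path.commonpath([private_real, target]) == private_real
            report[name] = "ok" if inside else "wrong-target"
    return report

def demo():
    """Build a constructed home directory, trigger the problem, audit before and after."""
    names = ["mbox", ".Xauthority"]
    with tempfile.TemporaryDirectory() as home:
        private = os.path.join(home, "private")
        os.mkdir(private)
        for name in names:
            with open(os.path.join(private, name), "w") as f:
                f.write("secret\n")  # constructed sample content
            os.symlink(os.path.join("private", name), os.path.join(home, name))
        before = audit_links(home, private, names)
        save_by_rename(os.path.join(home, "mbox"), "new mail\n")
        after = audit_links(home, private, names)
        return before, after

if __name__ == "__main__":
    print(demo())
```

Run periodically against the list of names that are supposed to be links, the audit flags a file as "exposed" as soon as some program has replaced its symlink.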