lcd> 2. Protect the top level directory with system:anyuser l permissions
lcd> only. Everything is still unreadable, and the user can create
lcd> a public subdirectory if he/she wants to.
lcd> However, this means that many files now expected to be readable
lcd> by root are unreadable. Specifically,
lcd> .forward - sendmail expects to read this
lcd> .plan - finger expects to read this
lcd> calendar
lcd> .rhosts
lcd> and I've probably missed a few here.
lcd> And if you 'rlogin' rather than 'telnet' from one of our trusted
lcd> machines, you come in without a token and can't even read your
lcd> .login. [Side question - since rsh machine csh -i carries your
lcd> token along, has anyone modified an rlogin to do the same?]
The default setup for a user's home volume in umich.edu is to have the
top level with system:anyuser l (mainly to prevent world-readable
files for those who are unfamiliar with ACLs). All, or nearly all, the
dotfiles are symlinks into ~/Public, which has system:anyuser rl. This
setup seems to be working fine.
michael
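
The layout described in the reply above, sketched as an added example that is not part of the original thread: files that daemons read without a token are moved into `Public` and symlinked back, and a second function reports any that are still unpublished. The function names and the `APPLY_AFS_ACLS` switch are hypothetical, the file list is the one from the quoted message, and the `fs setacl` calls only run when that switch is set inside an AFS cell.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Files named in the quoted message as being read without a token.
DAEMON_FILES=".forward .plan calendar .rhosts"

# Move each listed regular file into $home/Public and leave a relative symlink.
publish_dotfiles() {
    home=$1
    mkdir -p "$home/Public" || return 1
    for f in $DAEMON_FILES; do
        src="$home/$f"
        # Skip symlinks (already published) and anything that is not a regular file.
        if [ -L "$src" ] || [ ! -f "$src" ]; then
            continue
        fi
        # Never overwrite something that already lives in Public.
        if [ -e "$home/Public/$f" ]; then
            echo "skip $f: Public/$f already exists" >&2
            continue
        fi
        mv "$src" "$home/Public/$f" && ln -s "Public/$f" "$src"
    done
    # ACLs from the reply: lookup-only at the top level, read+lookup on Public.
    # Opt-in (hypothetical switch) because fs only works inside AFS.
    if [ "${APPLY_AFS_ACLS:-0}" = 1 ]; then
        fs setacl -dir "$home" -acl system:anyuser l
        fs setacl -dir "$home/Public" -acl system:anyuser rl
    fi
}

# Print the listed files that exist but are not symlinks into Public.
unpublished() {
    home=$1
    for f in $DAEMON_FILES; do
        [ -e "$home/$f" ] || [ -L "$home/$f" ] || continue
        case "$(readlink "$home/$f" 2>/dev/null)" in
            Public/*) ;;
            *) echo "$f" ;;
        esac
    done
}
```

Everything moved this way becomes readable by `system:anyuser`, `.rhosts` included, so review the file list before running it on a real home volume.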