>Running a ``standard'' delivery program authenticated as some
>designated AFS user will meet the criterion for reading .forward
>without giving world-read permissions to home directories.
I missed the first part of the conversation, so I'm sorry if someone
already stated the following:
It is not necessary to give world read access to the home directories
to allow .forward to work. An alternative is to give only world
lookup access (system:anyuser l) on the home directory and give world
read and lookup on a subdirectory. Then create a symbolic link in
the home directory that points to the .forward file in the public
subdirectory. For example
# ls -al
lrwxr-xr-x 1 nelson 11 Dec 8 1992 .forward -> Public/.forward
drwxr-xr-x 8 nelson 4096 May 25 15:41 Public
#ls -al Public
-rw-r--r-- 1 nelson 36 Aug 14 1992 .forward
#fs la ~
Access list for .....nelson is
Normal rights:
system:anyuser l
nelson rlidwka
#fs la ~/Public
Access list for ......nelson/Public is
Normal rights:
system:anyuser rl
nelson rlidwka
Of course in the above scenario, anything put into the Public
directory would then be readable by the world.
-Randy Nelson
Rose-Hulman Inst. of Tech
Terre Haute, IN
