Excerpts from mail: 28-Nov-94 Fwd: ACL cell setup questio..
Pierette_Maniago_Van@tra (574)
> > From: Keith Gorlen <[EMAIL PROTECTED]>
> >Warning: IP addresses on ACLs [...] and there is no similar
> >functionality under DCE/DFS in case you want to migrate someday.
> True, but DFS has other features that solve this problem.
> Specifically, you can put
> user:hosts/<hostname>/self:r-----
> on a DFS ACL, giving root on <hostname> access to the directory this
> ACL protects. Given that package (and rc for that matter) run as
> root, this DFS feature will allow package to get data from protected
> DFS directories.
> Pierette VanRyzin
> AFS/DFS Training
> Transarc Corporation
This is useful only for files (programs) *copied* by package to the
local disk at boot time. Files left in the DFS and accessed via symlink
(the majority, in our case) will be accessed by users running with their
credentials, not those of hosts/<hostname>/self. Substituting
hosts/<hostname>/self for the host's IP address on an ACL is not
equivalent, because under AFS, a user can be granted rights as *both*
himself *and* the machine he's running on; under DFS this is not so.
Thanks,
Keith Gorlen
Division of Computer Research and Technology
National Institutes of Health
Building 12A, Room 2033
12 SOUTH DR MSC 5624
BETHESDA MD 20892-5624
Phone: (301) 496-1111, FAX: (301) 402-2867
Internet: [EMAIL PROTECTED]
