On 06/14/00 15:37:57 -0400 Morris Strongson <[EMAIL PROTECTED]> wrote:
+-----
| Several of our users have expressed interest in having their home
| directories point to their AFS areas. What we are afraid of is the fact
| that they would be world-readable and that sensitive files would
| be visible and dangerous.
+--->8
Our solution is:
~ is system:authuser rl system:anyuser rl
~/Private is system:authuser none system:anyuser none
security-critical files are symlinked under ~/Private
Note: my experience is that if you use Transarc's login instead of a
Kerberos login, ~ can safely be system:anyuser l but not system:anyuser
none; if using Kerberos login, ~ needs to be at least system:anyuser rl or
login will dump the user in / with a diagnostic about an inaccessible home
directory.
If a directory foo is ACLed to forbid access to someone, they cannot access
foo/bar even if an ACL on foo/bar grants them access because getting there
requires traversal of foo. They can, however, get to foo/bar if an ACL on
foo grants them "l" access.
--
brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED]
system administrator [WAY too many hats] [EMAIL PROTECTED]
electrical & computer engineering KF8NH
carnegie mellon university ["better check the oblivious first" -ke6sls]
