On Wednesday, September 14, 2005 03:32:09 -0700 Tim Spriggs
<[EMAIL PROTECTED]> wrote:
Hi Jeffrey,
Could you explain how you would have OpenAFS deny the user the ability
to execute "NET USE G: /D"?
Good question. I can disable the gui forms of disconnect with gpedit.msc
but that does not prevent applications (such as net or openafs) from
mounting/unmounting new drive letters. (What a pain)
It also looks like "net use G: /D" does not care if files are opened or
not. I'm not familiar with the windows API but it really seems odd to me
that there is no kind of persistant network share that can be made
available to users (that isn't deprecated). I guess I am just too used to
Unix-isms.
There are perfectly good persistent pathnames available to all users, which
are only superficially different from those you'd use on UNIX: \\AFS\*
It might help if you think of drive letter mappings as behaving more like
symbolic links than mounted filesystems. If you make G: map to
\\AFS\GMU.EDU\SOME\PATH, then when a user accesses a file in G:, they are
really accessing that path. Changing the drive letter mapping doesn't
break open files any more than changing a symlink named /G would on a UNIX
system.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
