Jim,
Jim Rees wrote: > Actually it has turned out to be a blessing. There are very few situations > where in AFS you need to have an ACL on a file. > >Allow me to vehemently disagree. Lack of file acls is one of the greatest >misfeatures of afs. > >Take a look at your home directory for an example. Lots of little tiny >files and directories, some of which must be world readable, some of which >must not. My own home dir is a nightmare of symlinks. Same thing for >~/.ssh. And not having a separate "initial file acl" on directories means >if I want my home directory readable (so I can login without tokens) I run >the risk of having files like .Xauthority pop up, world readable, opening a >huge security hole. > Just for my info, why is this a huge security hole? -Brent > >DCE got a few things right, and this is one of them. >_______________________________________________ >OpenAFS-info mailing list >[EMAIL PROTECTED] >https://lists.openafs.org/mailman/listinfo/openafs-info > > -- Brent A. Johnson JPL File Services Engineer Jet Propulsion Laboratory Telephone: 4-2138 or 818-354-2138 Pager: 1-800-759-8888 PIN=1256866 _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
