>The problem of restricting access to files in directories with rl-rights = > >for system:anyuser could be solved by a different implementation in the=20 >fileserver: We did this for MR-AFS in the way that the mode-bits for=20 >"other" restrict the access for system:anyuser. The problem here is that = > >users have been told too long that the mode-bits for "group" and "other" = > >are worthless in AFS and they mostly ares set randomly. Therefore we=20 >require the fileserver to be started with an option "-modebits" in order = > >to enable this feature. > >This could easily be implemented in OpenAFS as well.
I'm reading this discussion with interest, especially after having posted essentially the same suggestion in another thread (See subject: "Hidden directories"). I think having more "unix-like" filesystem semantics would be a very good thing, at least as much as possible given the limitations of a networked filesystem. I also agree that per-file ACLs are overkill in terms of the design of AFS, especially when the existing mode bits could be reused for much of the same purpose without any large architectural changes to AFS. One thing I would point out about the way you are doing it, is that forcing the AFS admin to use a global flag to enable modebits probably would not be acceptable in large cells with tens of thousands of user, it would be an upgrade, not to mention educational nightmare. A better way to enable this functionality would be for this to be a per-user profile flag. Then, backwards compatibility with old AFS behaviorwould be the default, but users who are aware of and want this new functionality would execute a command to enable the modebits for directories they own. Alternately, modebits could be enabled per-directory if that led to an easier implementation, although I think per-user would be more friendly. Tom _________________________________________________________________ Get a speedy connection with MSN Broadband.� Join now! http://resourcecenter.msn.com/access/plans/freeactivation.asp _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
