On Fri, May 07, 2010 at 02:14:36PM -0400, Kevin Walsh wrote: > Hello, > > I'm working on problems caused by users mistakenly leaving excessive > write permissions on the directories of their webpages. Does anyone > know if there is a best practices or other guidance document > somewhere? I realize the problem might not be so different from > webpages hosted on non-AFS filesystems. > > One solution we're considering is regularly scanning our webspace > for excessively naive ACLs, but this is quite time consuming. Is > there a faster way to search for specific ACLs than various > incantations of gfind to fs-listacl, perhaps something that dumps > all the ACLs of a volume, assuming they are kept on one spot? >
We're not doing this, but we've considered using the dumpscan tools to churn through each night's backup volume dumps to look for stuff like this. We dump nearly every volume each night, and the machines that do the dumps are sitting there doing nothing for a good chunk of the day anyways.... -- Thomas L. Kula | [email protected] | http://kula.tproa.net/ _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
