[OpenAFS] ACLs not working on afs volumes! Help!

Christopher D. Clausen cclausen@acm.org
Wed, 18 Aug 2004 18:25:06 -0500


matt cocker wrote:
> If the volume mount point directory is owned by the users (i.e. the
> unix uid = pts uid) the user can add any acls they want regardless of
> what acls are set. If we make the directory owned by a non-user uid
> they cannot. Unfortunately we needed to block some students' web
> pages served out of homedir/public_html and tried to do it via acls.
> The problem is twofold in that we first noticed the problem on
> windows boxes and figured they knew nothing about unix security so
> the problem was something else. The second problem is that if I read
> you right we have to set the folder owner at the root of the volume;
> this would stop the users logging into gdm, which at the moment checks
> the user owns the home directory.
> So why is it done like this? Doesn't make a lot of sense in a multiple
> platform environment (where a lot of users use windows) to have things
> outside the afs security tools determining permissions?

Well, sometimes users do not understand ACLs and accidentally remove
themselves from their own directory.  It's nice to not have to have an
admin fix it.

<<CDC
Christopher D. Clausen
ACM@UIUC SysAdmin