[OpenAFS] home on afs woes

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 05 Jan 2006 10:32:44 -0500


>Most of our users will place files in their home directory, even in the top 
>level, expecting them to be secure. Additionally, I fully expect that most 
>users will leave permissions with the default settings. In this case, when a 
>user creates a directory it inherits the ACL privileges of its parent 
>directory. There is an expectation in our environment that content is secure 
>by default. That includes new directories not being world viewable. Depending 
>on your requirements of course, YMMV.

Given the choice between files possibly being world-readable and users
having to expose their password for every login (even if you're
encrypting the session, we've learned the hard way that isn't enough
anymore), we decided to go with the former.  As always, to each his or
her own.

--Ken