[OpenAFS] anon FTP upload directory ACL
Turbo Fredriksson
turbo@bayour.com
01 Jun 2002 16:58:58 +0200
I have my whole FTP system on AFS. I'd like to create a special
'incoming' directory...

The FTP system has the ACLs

[papadoc.pts/1]$ fs la /afs/bayour.com/public/ftp
Access list for /afs/bayour.com/public/ftp is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl

My first guess of the incoming was/is

[papadoc.pts/1]$ fs la /afs/bayour.com/public/ftp/incoming
Access list for /afs/bayour.com/public/ftp/incoming is
Normal rights:
  system:administrators rlidwka
  system:anyuser rlidwk
Negative rights:
  system:anyuser rd

My idea was that anonymous has write access, but not
read. That is so they can UPLOAD to this directory, but
not delete/view/download anything from it...

This works partially. I can upload as anonymous, I can't
delete or download (nor view) anything. I can however
view the content of the DIRECTORY (ls -l etc).

The big problem is that if 'anonymous' uploads anything,
I (as user 'turbo' with admin rights) can't delete this
file!

[papadoc.pts/1]$ bos listusers papadoc
SUsers are: turbo
[papadoc.pts/1]$ tokens
Tokens held by the Cache Manager:
User's (AFS ID 1) tokens for afs@bayour.com [Expires Jun 1 20:57]
   --End of list--
[papadoc.pts/1]$ date
Sat Jun 1 16:57:45 CEST 2002
[papadoc.pts/1]$ rm /afs/bayour.com/public/ftp/incoming/krb5_newrealm.txt
rm: cannot unlink `/afs/bayour.com/public/ftp/incoming/krb5_newrealm.txt': Permission denied

So what am I doing wrong here?
--
arrangements Semtex class struggle Noriega critical Panama security
CIA congress KGB Cocaine Cuba ammunition Serbian nitrate
[See http://www.aclu.org/echelonwatch/index.html for more about this]
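
Added example, not part of the original message: a small Python model of how the 'incoming' ACL listed above evaluates, using the AFS rule that a caller's effective rights are the union of the matching Normal rights minus the union of the matching Negative rights, and that every caller, with or without tokens, belongs to system:anyuser. The group memberships given to 'anonymous' and 'turbo' and all function names are assumptions made for the illustration.

```python
ORDER = "rlidwka"  # canonical order of AFS directory rights

# The `fs la` listing for the incoming directory, as quoted in the message.
INCOMING = """\
Access list for /afs/bayour.com/public/ftp/incoming is
Normal rights:
  system:administrators rlidwka
  system:anyuser rlidwk
Negative rights:
  system:anyuser rd
"""

def parse_fs_la(text):
    """Parse `fs la` output into {'normal': {name: set}, 'negative': {name: set}}."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line == "Normal rights:":
            section = "normal"
        elif line == "Negative rights:":
            section = "negative"
        elif section and line:
            name, rights = line.rsplit(None, 1)
            acl[section][name] = set(rights)
    return acl

def effective(acl, groups):
    """Union of Normal rights for the caller's groups, minus union of Negative rights."""
    pos, neg = set(), set()
    for group in groups:
        pos |= acl["normal"].get(group, set())
        neg |= acl["negative"].get(group, set())
    return "".join(c for c in ORDER if c in pos - neg)

# Assumed memberships: an unauthenticated FTP upload is only in system:anyuser;
# turbo is assumed to be in system:administrators, as the message implies.
ANONYMOUS = {"system:anyuser"}
TURBO = {"system:anyuser", "system:authuser", "system:administrators"}

def report(text=INCOMING):
    acl = parse_fs_la(text)
    return {"anonymous": effective(acl, ANONYMOUS), "turbo": effective(acl, TURBO)}

if __name__ == "__main__":
    for who, rights in report().items():
        print(f"{who:10s} {rights}")
```

The computed rights match what the message reports: anonymous keeps l, i, w and k (upload and directory listing, no read or delete), and the Negative entry on system:anyuser also strips d from the administrator.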