[OpenAFS] anon FTP upload directory ACL

Turbo Fredriksson turbo@bayour.com
01 Jun 2002 19:58:27 +0200


>>>>> "Charles" == Charles Clancy <security@xauth.net> writes:

    Charles> Try just giving system:anyuser "iwk" rights.  You
    Charles> probably don't even need "k" rights.

----- s n i p -----
[papadoc.pts/1]$ fs listacl /afs/bayour.com/public/ftp/incoming
Access list for /afs/bayour.com/public/ftp/incoming is
Normal rights:
  system:administrators rlidwka
  system:anyuser iw
----- s n i p -----

Then 'anonymous' can DELETE files in incoming! And it's still possible
to VIEW files (and the directory itself)...

    Charles> Add "l" if you want
    Charles> anonymous user to be able to see an ls.

That I don't want...

    Charles> See, the negative rights are overriding your access when
    Charles> you have a token.  Just don't use the negative rights.

Shouldn't it just override 'system:anyuser', since that's what's
specified... ?
-- 
kibo South Africa Panama Khaddafi nuclear munitions Clinton
supercomputer NSA terrorist explosion NORAD Qaddafi $400 million in
gold bullion counter-intelligence
[See http://www.aclu.org/echelonwatch/index.html for more about this]
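
The evaluation rule Charles describes, as an added example that is not part of the original post or of OpenAFS: it parses `fs listacl` output and computes effective rights as the union of normal rights minus the union of negative rights over every group the caller belongs to. The `Negative rights:` entry, the `example.com` path and the function names are assumptions made for illustration; the thread does not show the negative entry that was actually set.

```python
# Added example: models AFS ACL evaluation offline; it does not contact a fileserver.
# Simplification: implicit rights (directory owner, system:administrators) are not modeled.

# Constructed sample in `fs listacl` format. The negative entry is an assumption.
SAMPLE_ACL = """\
Access list for /afs/example.com/public/ftp/incoming is
Normal rights:
  system:administrators rlidwka
  system:anyuser iw
Negative rights:
  system:anyuser rl
"""

ALL_RIGHTS = "rlidwka"  # canonical order used by fs listacl


def parse_listacl(text):
    """Return (normal, negative) dicts mapping principal -> set of right letters."""
    normal, negative = {}, {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Normal rights:":
            current = normal
        elif stripped == "Negative rights:":
            current = negative
        elif current is not None and stripped:
            principal, rights = stripped.rsplit(None, 1)
            current[principal] = set(rights)
    return normal, negative


def effective_rights(acl_text, memberships):
    """Rights left after negative entries are subtracted for this caller."""
    normal, negative = parse_listacl(acl_text)
    # system:anyuser contains every caller, with or without a token, so a
    # negative entry on it is subtracted from token holders as well.
    groups = set(memberships) | {"system:anyuser"}
    granted = set().union(*(normal.get(g, set()) for g in groups))
    denied = set().union(*(negative.get(g, set()) for g in groups))
    return "".join(r for r in ALL_RIGHTS if r in granted - denied)


if __name__ == "__main__":
    print("anonymous:", effective_rights(SAMPLE_ACL, []))
    print("admin with token:", effective_rights(SAMPLE_ACL, ["system:administrators"]))
```

Under this model a negative entry cannot be scoped to unauthenticated callers only, because there is no group that holds them and excludes token holders.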