[OpenAFS] ACL question
Tino Schwarze
tino.schwarze@informatik.tu-chemnitz.de
Fri, 23 May 2003 10:40:06 +0200
On Fri, May 23, 2003 at 10:21:28AM +0200, jarausch@igpm.rwth-aachen.de wrote:
> I have a subdirectory where system:anyuser only has read rights. There
> are files in this directory which are readable and/or executable for
> group G. Having not klog(ged in) I neither read nor execute a file in
> this directory although I am a member of this group G.
Without a token, you are system:anyuser, nothing more. Your Unix groups
are of no use for AFS ACL (remember: If I'm root on the client, I can
make any user belong to any group I want to.).
> There are no problems if I extend system:anyuser's rights
> to read+list
>
> What have I missed and what's the sense of the read
> access right?
The sense is that you might want a user to see the files, but not read
them (necessary if you want to give rights to subdirectories).
Therefore, you can have
  dir           $user: l
   |
   +--- subdir  $user: rl
This is useful for home directories: I have directories PROTECTED and
PUBLIC. My home directory only has "l" for system:anyuser, PUBLIC has
"rl", PROTECTED has special rights for special people.
HTH! Tino.
--
* LINUX - Where do you want to be tomorrow? *
http://www.tu-chemnitz.de/linux/tag/
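
The rules described in the reply above, as an added example that is not part of the original post and is not OpenAFS code: a simplified Python model of how directory ACL entries apply with and without a token. It assumes positive ACL entries only (no negative entries, no file mode bits); the names alice, G and friends and all ACL contents are constructed.

```python
# Added example: simplified model of AFS directory ACL checks.
# Positive entries only; negative ACLs and file mode bits are left out.

def principals(user, has_token, pts_groups):
    """Identities the file server credits to a caller.

    Without a token the caller is system:anyuser and nothing more. The user
    name and pts groups count only once a token proves who is asking;
    Unix groups on the client are never consulted.
    """
    ids = {"system:anyuser"}
    if has_token:
        ids |= {"system:authuser", user} | set(pts_groups)
    return ids

def rights(acl, ids):
    """Union of the rights of every ACL entry the caller matches."""
    granted = set()
    for who, letters in acl.items():
        if who in ids:
            granted |= set(letters)
    return granted

def can_read_files(chain, ids):
    """chain: ACLs from the top directory down to the one holding the file.

    Every directory on the way needs "l" to look up the next name, and the
    last one needs "l" and "r": "r" without "l" cannot be exercised.
    """
    if not all("l" in rights(acl, ids) for acl in chain):
        return False
    return "r" in rights(chain[-1], ids)

# Constructed ACLs; "alice", "G" and "friends" are hypothetical names.
ASKED_DIR = {"system:anyuser": "r", "G": "rl"}          # the question's case
HOME      = {"system:anyuser": "l", "alice": "rlidwka"}
PUBLIC    = {"system:anyuser": "rl", "alice": "rlidwka"}
PROTECTED = {"alice": "rlidwka", "friends": "rl"}

if __name__ == "__main__":
    anon = principals("alice", False, ["G"])
    authed = principals("alice", True, ["G"])
    print("no token, asked dir:  ", can_read_files([ASKED_DIR], anon))
    print("token,    asked dir:  ", can_read_files([ASKED_DIR], authed))
    print("no token, ~/PUBLIC:   ", can_read_files([HOME, PUBLIC], anon))
    print("no token, ~/PROTECTED:", can_read_files([HOME, PROTECTED], anon))
```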