[OpenAFS] dropbox style ACLs on AFS under OSX/Windows

Chris McClimans Chris.McClimans@ttu.edu
Wed, 1 Sep 2004 16:09:04 -0500


'li' sounds like a reasonable dropbox style directory permission, but 
with the nature of the GUIs we use today it's getting more and more 
difficult.

'li' doesn't work on XP but did on 2k
I had to add write permissions and make it 'liw' (which would allow 
folks to overwrite the file)... terrible but for simple classwork 
submissions it seemed like a good idea.

'liw' also worked on OSX 10.2... but now with 10.3 the nature of the 
beast has changed again!

Take a look at this:

$:/afs/cs.ttu.edu/classes/cs/1412/inbox chris$ fs listacl .
Access list for . is
Normal rights:
   cs1412:admin rlidwka
   system:administrators rlidwka
   system:anyuser liw

Now try and drag and drop a file into that folder (unauthenticated) and 
you get the following popup message and resulting files:

Copying "filename.txt" to "inbox"
The operation cannot be completed because you do not have sufficient 
privileges for some of the items.
(OK)

$:/afs/cs.ttu.edu/classes/cs/1412/inbox chris$ ls -la
total 574
drwxrwxrwx  4 daemon  staff    2048  1 Sep 16:02 .
drwxrwxrwx  5 root    wheel    2048  5 Feb  2004 ..
-rw-rw-rw-  1 32766   chris      82  1 Sep 16:02 ._osxworkshop.pdf
-rw-rw-rw-  1 32766   chris       0  1 Sep 16:02 osxworkshop.pdf

$:/afs/cs.ttu.edu/classes/cs/1412/inbox chris$ cat ._osxworkshop.pdf
2 RbrokMACS

It almost looks like it tries to create files or just touch them, then 
tries to fill them up. If I add read permissions everything works 
fine... but then every student could read anything in the 'write only' 
drop box for homework submission.

Any thoughts or suggestions on the subject?

--
Chris McClimans  / CCIE Security #11041, CCNA, CCNP, MCSE
Director of Undergraduate Labs / Texas Tech Computer Science
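
An added example, not part of the original message: a small Python audit of `fs listacl` output that reports which rights a drop-box directory grants to public principals beyond lookup and insert. The function names, the PUBLIC set and the simplified negative-rights handling are assumptions of this example; the sample listing is the one quoted in the message.

```python
# SAMPLE is the `fs listacl` listing quoted in the message above.
SAMPLE = """\
Access list for . is
Normal rights:
   cs1412:admin rlidwka
   system:administrators rlidwka
   system:anyuser liw
"""

# AFS rights letters that weaken a write-only drop box, and why.
RISKS = {
    "r": "can read files submitted by others",
    "w": "can overwrite files submitted by others",
    "d": "can delete files submitted by others",
    "a": "can change the ACL itself",
}
# Principals treated as "the public" (assumption for this example).
PUBLIC = {"system:anyuser", "system:authuser"}

def parse_listacl(text):
    """Return {"Normal": {principal: rights}, "Negative": {...}}."""
    acl = {"Normal": {}, "Negative": {}}
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in ("Normal rights:", "Negative rights:"):
            section = stripped.split()[0]
        elif section and line[:1].isspace() and len(stripped.split()) == 2:
            principal, rights = stripped.split()
            acl[section][principal] = rights
    return acl

def audit_dropbox(text, public=PUBLIC):
    """List (principal, right, risk) findings for public principals."""
    acl = parse_listacl(text)
    findings = []
    for principal, rights in acl["Normal"].items():
        # Simplification: only a negative entry for the same principal counts.
        denied = set(acl["Negative"].get(principal, ""))
        for right in rights:
            if principal in public and right in RISKS and right not in denied:
                findings.append((principal, right, RISKS[right]))
    return findings

if __name__ == "__main__":
    for principal, right, risk in audit_dropbox(SAMPLE):
        print(f"{principal}: '{right}' {risk}")
```

Run against the 'liw' listing it reports the overwrite exposure; an ACL with 'r' added for system:anyuser would additionally report the read exposure described in the message.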