[OpenAFS] ACL for single files

Hartmut Reuter reuter@rzg.mpg.de
Wed, 15 Sep 2004 13:13:06 +0200

Sensei wrote:
> Hi.
> I have a question about ACLs: is it possible to set ACLs for a file in a
> directory? The problem is this: in the home directory .bashrc contains
> the call to aklog, but it's not readable by anyone since the home dir is
> readable only by the owner. AKlog has to be called, so I'd like to have
> that system:anyuser rl for .bashrc, but not for the entire directory.

In our MR-AFS fileservers we have an optional switch on volume basis
which allows to use the modebits for other to control the access of
unauthenticated users (system:anyuser). This certainly could be implemented
easily in OpenAFS fileservers as well.

We didn't set this flag automatically for all user volumes because it 
the access: If someone has given read access on the root directory of
his home volume to system:anyuser  then after switching this feature on 
files with the the other-read-bit on remain accessable. So it requires some
new unusual attention of the users.


> I read many things but it seems that fs setacl can work on directories,
> so how would you avoid this problem? Can you help me?

Hartmut Reuter                           e-mail reuter@rzg.mpg.de
					   phone +49-89-3299-1328
RZG (Rechenzentrum Garching)               fax   +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)