[OpenAFS] ACL for single files
Hartmut Reuter
reuter@rzg.mpg.de
Wed, 15 Sep 2004 13:13:06 +0200
Sensei wrote:
> Hi.
>
> I have a question about ACLs: is it possible to set ACLs for a file in a
> directory? The problem is this: in the home directory .bashrc contains
> the call to aklog, but it's not readable by anyone since the home dir is
> readable only by the owner. AKlog has to be called, so I'd like to have
> that system:anyuser rl for .bashrc, but not for the entire directory.
In our MR-AFS fileservers we have an optional switch on volume basis
which allows to use the modebits for other to control the access of
unauthenticated users (system:anyuser). This certainly could be implemented
easily in OpenAFS fileservers as well.
We didn't set this flag automatically for all user volumes because it
narrows
the access: If someone has given read access on the root directory of
his home volume to system:anyuser then after switching this feature on
only
files with the the other-read-bit on remain accessable. So it requires some
new unusual attention of the users.
Hartmut
>
> I read many things but it seems that fs setacl can work on directories,
> so how would you avoid this problem? Can you help me?
--
-----------------------------------------------------------------
Hartmut Reuter e-mail reuter@rzg.mpg.de
phone +49-89-3299-1328
RZG (Rechenzentrum Garching) fax +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------