[OpenAFS] ACL for single files

Derek Atkins warlord@MIT.EDU
Wed, 15 Sep 2004 09:04:58 -0400


Sensei <senseiwa@tin.it> writes:

> Hi.
> I have a question about ACLs: is it possible to set ACLs for a file in a
> directory? The problem is this: in the home directory .bashrc contains
> the call to aklog, but it's not readable by anyone since the home dir is
> readable only by the owner. AKlog has to be called, so I'd like to have
> that system:anyuser rl for .bashrc, but not for the entire directory.
> I read many things but it seems that fs setacl can work on directories,
> so how would you avoid this problem? Can you help me?

The short answer is: no, you cannot set ACLs on files.  To handle this
particular create a Public directory, setacl Public to system:anyuser
rl, move your .bashrc into Public, and symlink .bashrc from your
homedir to your Public dir.

Or you can change your login system to get tokens during the login
process (ala PAM).

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available