[OpenAFS] home on afs woes

Lester Barrows barrows@email.arc.nasa.gov
Wed, 4 Jan 2006 14:18:51 -0800

On Wednesday 04 January 2006 1:30 pm, Ken Hornstein wrote:
> FWIW, we choose the exact opposite option (world readable home directory)
> for the exact same reason (lack of confidence in the vigilance of users).
> --Ken

Most of our users will place files in their home directory, even in the top 
level, expecting them to be secure. Additionally, I fully expect that most 
users will leave permissions with the default settings. In this case, when a 
user creates a directory it inherits the ACL privileges of its parent 
directory. There is an expectation in our environment that content is secure 
by default. That includes new directories not being world viewable. Depending 
on your requirements of course, YMMV.

Best regards,
Lester Barrows