[OpenAFS] home on afs woes

Rodney M Dyer rmdyer@uncc.edu
Thu, 05 Jan 2006 16:21:52 -0500

At 03:30 PM 1/5/2006, Lester Barrows wrote:
>On Thursday 05 January 2006 7:32 am, Ken Hornstein wrote:
>This appears to be a security decision based primarily on a technical
>limitation in AFS. The per-directory ACL limitation itself was more or less
>what I was discussing, as it has caused me more than its share of headaches.
>If I could place an ACL on a file and have it alone be readable/listable by
>the authentication process, that would be ideal. It's great that a world
>listable/readable top level home directory configuration works for your
>environment's security requirements, and it certainly saves a bit of work. It
>just isn't sufficient to comply with our security plans.

Wasn't there some talk about the DFS code being opened?  And didn't DFS 
have file level ACLs?  Could any of that code be ported to AFS, or is there 
already a project underway for file level ACLs in AFS?


Rodney M. Dyer
Windows Systems Programmer
Mosaic Computing Group
William States Lee College of Engineering
University of North Carolina at Charlotte
Email: rmdyer_at_uncc.edu
Web: http://www.coe.uncc.edu/~rmdyer
Phone: (704)687-3518
Help Desk Line: (704)687-3150
FAX: (704)687-2352
Office:  Cameron Applied Research Center, Room 232