[OpenAFS] Monitoring bad ACLs of webpages: best practices? faster search?

[Kevin Walsh]

Hello,

I'm working on problems caused by users mistakenly leaving excessive 
write permissions on the directories of their webpages.  Does anyone 
know if there is a best practices or other guidance document 
somewhere?   I realize the problem might not be so different from 
webpages hosted on non-AFS filesystems.

One solution we're considering is regularly scanning our webspace for 
excessively naive ACLs, but this is quite time consuming. Is there a 
faster way to search for specific ACLs than various incantations of 
gfind to fs-listacl, perhaps something that dumps all the ACLs of a 
volume, assuming they are kept on one spot?

Thanks for any possible insights.

~Kevin