[OpenAFS] tool to facilitate ACL cleanup

Todd Lewis utoddl@email.unc.edu
Wed, 8 Oct 2014 14:23:51 -0400


I'm looking for a tool or procedure that will look at ACLs in a directory 
tree in AFS and suggest (possibly new) groups, memberships, and 
permissions to help straighten out the mess that has grown there over the 
years.

We have an aging cell, and as projects have come and gone, we've 
accumulated some rather ad hoc ACLs, some using groups, some not, some 
with users who are no longer around... I try to discourage putting 
individual users in ACLs in project group space, preferring instead use 
groups in ACLs and put users in groups. But many times individuals were 
added directly to one or more directory ACLs because it was easier at the 
time. Some of these have become all but unmanageable.

If anyone has suggestions for strategies or specific tools to facilitate 
cleaning up small to medium sized nightmare forests of ACLs, I'd love to 
hear about them.
-- 
    +--------------------------------------------------------------+
   / Todd_Lewis@unc.edu  919-445-0091  http://www.unc.edu/~utoddl /
  /                Acupuncture is a jab well done.               /
+--------------------------------------------------------------+