[112] in DCNS Development
Directory protections in AFS
daemon@ATHENA.MIT.EDU (nschmidt@Athena.mit.edu)
Tue Sep 24 09:06:52 1991
From: nschmidt@Athena.mit.edu
To: developers@Athena.mit.edu
Date: Tue, 24 Sep 91 09:06:33 EDT
I recently ran into something that I had been unaware of in how AFS treats
protections of subdirectories, and Peter suggested that I post it to
developers to get a conversation going. I had left my top level directory
readable to a very large number of people, largely because the .tc file for
the calendar program lives there. Not having realized that under AFS all new
directories that are created inherit the protections of the parent, I put all
kinds of information into subdirectories, assuming that they would be as
confidential as they had been under NFS unless I explicitly allowed others
to have read rights. I chanced to check the protections
on one of my lower level directories yesterday and lo and behold the files
there were open to all kinds of people. Having been brought up with NFS, I
was aghast and Dot helped me out by writing a shell script that went through
all of my lower level directories to restrict access. When I mentioned this
to Mark Rosenstein, his reaction was:
>>This, by itself, seems to make sense. If your homedir is world readable,
>>and you create a new subdirectory in it, it will also be world readable.
>>Does this not make sense? I'm trying to figure out if and why this works
>>against what a user may expect. Then we can figure out what to do about
>>it.
As we talk about converting all users to AFS, and as Mark writes his 'permit'
command, we need to address this issue. At the very least, a tremendous
education campaign needs to be launched if we keep the AFS convention as it
is. What do others think?
Naomi
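
An audit along the lines of the cleanup described in the message, as an added example (it is not part of the original post and is not the script Dot wrote). It walks a tree and reports every directory whose AFS ACL still grants read or lookup to a broad group. The function names are hypothetical, and treating `system:anyuser` and `system:authuser` as the "broad" principals and the `fs listacl` output layout shown in the comment are assumptions.

```shell
#!/bin/sh
# Added example: find subdirectories that inherited a broad ACL from the parent.
#
# Assumed `fs listacl` output layout (constructed sample):
#   Access list for /afs/example/user/docs is
#   Normal rights:
#     system:anyuser rl
#     someuser rlidwka
#   Negative rights:
#     otheruser rl

# broad_entries: read `fs listacl` output on stdin and print "principal rights"
# for broad groups that hold read (r) or lookup (l) under "Normal rights".
broad_entries() {
    awk '
        /^Normal rights:/   { in_normal = 1; next }
        /^Negative rights:/ { in_normal = 0; next }
        in_normal && NF == 2 &&
            ($1 == "system:anyuser" || $1 == "system:authuser") &&
            $2 ~ /[rl]/ { print $1, $2 }
    '
}

# audit_tree: AFS ACLs are per directory, so visit every directory under $1.
# Output is one tab-separated line per finding: directory, principal, rights.
audit_tree() {
    find "$1" -type d -print | while IFS= read -r dir; do
        fs listacl "$dir" 2>/dev/null | broad_entries |
        while read -r who rights; do
            printf '%s\t%s\t%s\n' "$dir" "$who" "$rights"
        done
    done
}

# After reviewing a finding, the entry can be dropped from that directory with:
#   fs setacl -dir "$dir" -acl system:anyuser none
# Run the audit only when a starting directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Because a new directory copies its parent's ACL only at creation time, tightening the parent afterwards does not change existing subdirectories, which is why the audit has to visit each one.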