[375] in Info-AFS_Redistribution
Re: AFS & UFS protection
daemon@ATHENA.MIT.EDU (Ed._Zayas@transarc.com)
Thu Nov 7 09:02:51 1991
Date: Thu, 7 Nov 1991 08:07:23 -0500 (EST)
From: Ed._Zayas@transarc.com
To: Liz_Hines@transarc.com, Info-AFS@transarc.com
In-Reply-To: <8196DB9F40E020C3@USTHK.BITNET>
Andrew...
Excerpts from transarc.system.info-afs: 6-Nov-91 AFS & UFS protection
CCANDREW%USTHK.BITNE@YAL (725)
> I have a user who doesn't want to stay under AFS anymore. His reason
> is that he wants to let others read his .mailrc but protect his .newsrc
> from reading by others, and he doesn't want to spend additional effort
> of copying these files to another directory (with "read" enabled) every
> time when these files are updated. Does anybody have any idea of how we can
> resolve this problem? Or any workaround that will be transparent to
> the user?

I just tried the following little test:
%pwd
/afs/transarc.com/usr/erz
% fs la private
Access list for private is
Normal rights:
erz rlidwka
% ln -s private/.newsrc .newsrc
% ls -l .newsrc
lrwxr-xr-x 1 erz 15 Nov 7 07:51 .newsrc ->private/.newsrc
% echo "hello" > .newsrc
% ls -l .newsrc
lrwxr-xr-x 1 erz 15 Nov 7 07:51 .newsrc ->private/.newsrc
% more .newsrc
hello
% cat .cshrc > .newsrc
% ls -l .newsrc
lrwxr-xr-x 1 erz 15 Nov 7 07:51 .newsrc ->private/.newsrc

Basically, my home directory's .newsrc is a symlink into a file in a
protected directory. I can edit this file, echo to it, and copy files
over it using the name in my home directory, and it will remain
physically stored in the private directory, although its name is still
visible in my home directory. Thus, your user's .mailrc can physically
reside in his home directory and enjoy public visibility, and his
.newsrc can appear to live in the same directory yet be protected
separately. As required, this is transparent to the user, and provides
the higher (or even different) level of protection he requires.

To my knowledge, AFS-3 will not be implementing file-level ACLs in the
future (although they exist in the version of AFS which is part of the
upcoming OSF DCE package). As far as UFS protection, do you mean mode
bits? If so, the current system already listens to the owner bits (if
you turn off the w bit, you can't write the file, no matter what the ACL
says). If you mean listening to the Unix group and other bits, no.
Ed.
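
Added example, not part of Ed Zayas's message: the symlink arrangement from the test above as two shell functions, plus a check for the one case the test does not cover, a program that saves by writing a temporary file and renaming it over .newsrc, which replaces the symlink with a regular file in the publicly readable home directory. The function names are hypothetical, and chmod 700 is only a stand-in on non-AFS filesystems for the directory ACL shown by "fs la private".

```shell
#!/bin/sh
# Added example; function names are hypothetical, "private" is the
# directory name used in the message.

# protect_dotfile HOME_DIR NAME
# Move HOME_DIR/NAME into HOME_DIR/private and leave a relative symlink
# behind, so the file is governed by the private directory's protection.
protect_dotfile() {
    home=$1
    name=$2
    mkdir -p "$home/private" || return 1
    # Assumption: on AFS the directory ACL does the protecting (inspect it
    # with `fs la private`); chmod is a stand-in for non-AFS filesystems.
    chmod 700 "$home/private" || return 1
    if [ -L "$home/$name" ]; then
        return 0                      # already a symlink, leave it alone
    fi
    if [ -e "$home/$name" ]; then
        mv "$home/$name" "$home/private/$name" || return 1
    else
        : > "$home/private/$name" || return 1
    fi
    # Relative target, created from inside HOME_DIR as in the message.
    ( cd "$home" && ln -s "private/$name" "$name" )
}

# check_dotfile HOME_DIR NAME
# Status 0 only if HOME_DIR/NAME is still a symlink to private/NAME and the
# target exists. Status 1 means the link was replaced (for example by a
# save-via-rename) and the file's contents now sit in the home directory.
check_dotfile() {
    home=$1
    name=$2
    [ -L "$home/$name" ] || return 1
    [ "$(readlink "$home/$name")" = "private/$name" ] || return 1
    [ -f "$home/private/$name" ]
}
```

Running check_dotfile from a login script or cron job catches the case where an application has silently turned the link back into a regular file.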