Coda File System

Re: Coda credentials for uid 0

From: Ivan Popov <pin_at_math.chalmers.se>
Date: Tue, 24 Sep 2002 18:13:14 +0200 (MET DST)
On Tue, 24 Sep 2002, Ivan Popov wrote:

> *** well, PAG would help to allow cron jobs to alter user files on Coda if
> the user explicitly grants host/<host> the right to do that...
> The same for mail delivery and other "problematic aspects" of networked
> filesystems.

After consideration I want to withdraw this idea as it implies a need for
complementary unix-like uid-based access control.
(otherwise it looks like a host principal would do things on behalf of a
user, effectively letting the user indirectly mess with others'
"host-opened" files)

My conclusion: PAGs are of no real use!

:-)

Regards,
--
Ivan
P.S. A clean approach: let cron/procmail/younameit work on host-local
files.
When desired, those local files can contain keytabs for special
principals, giving access to some of the distributed files.
(principals like <user>/cron, <user>/mail and so on?)
In other words, a 1777 persistent local directory would be sufficient
for uid-based-authorization activities like cron and even procmail.
Received on 2002-09-24 12:14:56