Establishing Maximum Permissions for Unauthenticated Principals
If you want to apply a namespace-wide set of maximum permissions for all unauthenticated principals, you should do so immediately after you configure your first CDS server and before you create and populate any directories below the cell root. By creating an unauthenticated ACL entry and an any_other entry for the cell root by using the Object ACL and Initial Container Creation ACL types, you can take advantage of automatic propagation of the unauthenticated entry to the entire namespace as it evolves.