[OpenAFS-devel] kuserok() checking UID ownership on afs

Douglas E. Engert deengert@anl.gov
Thu, 03 Feb 2005 06:55:02 -0600


Douglas E. Engert wrote:


>>
>> Unfortunately, you're both trying to solve not the problem that Troy 
>> and Russ were actually discussing.  You're trying to solve the "I 
>> can't access the user's .k5login" problem, but the problem they were 
>> talking about is "how can I prove that no one _except_ the user could 
>> have written to the .k5login?".
>>
> 

And I should have also said, Yes it is related. if you could get it so
root uses the user's tokens to read the dotfiles then you can tighten
up access to the home directory. i.e. no acl system:anyuser l
to a dotfile directory with "rl" and lots of symlinks and get back
to dotfiles in the users home directory simplifying the whole situation.
and making it easier to at least audit the permisions on home directories.


> Those are both valid problems,
> 
> Maybe its time to get rid of the .k5login, it has some security 
> implications
> where a user can give access to his accounts. Some sites might not like
> this flexibility.
> 
> The related problem I would like to solve, is I don't want to have to have
> the dot files world readable so root on a machine I am on can read the
> .k5login without a token. and don't have to play all the games of symlinks
> to a dotfile directory with rl.
> 
> 
>> -- Jeff
>>
>>
>>
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444