[OpenAFS] home on afs woes

Lester Barrows barrows@email.arc.nasa.gov
Wed, 4 Jan 2006 13:16:00 -0800


On Wednesday 04 January 2006 12:42 pm, Douglas E. Engert wrote:
> The problem is not about ACLs on files or directories, it more about
> allowing world readable access to what some might consider sensitive data.
> I still would not like the .k5login world readable.
>
> What I meant about NFS vs AFS is that both have to live in a unix world
> where the system daemons are run as root, and unix code assumes root
> automaticly has read access to the home directory in all cases. A protected
> NFS home directory has the same problem as an AFS home directory.

To a degree there is still an issue, but for the common case per-file ACLs 
would be a big step forward. Eliminating world read access to the .k5login 
while allowing some form of authentication purely to access it would seem to 
involve more logic than per-file ACLs. How does the server know when to allow 
access to just this file, and to whom? Per-file ACLs would probably be a good 
starting point. Such files could then be specially flagged, such that the 
server could recognize them as being used with the authorization system.

With AFS we have to decide whether to allow the world to read the entire top 
level of a home directory, or to always require the username and password for 
each login. At the moment I've chosen the latter, since the former requires 
vigilance on the part of the user that I'm not comfortable with counting on.

Best regards,
Lester Barrows