[OpenAFS-devel] User-friendly Mac OS X patch causes SSH hardship

[C. Alex. North-Keys]

Harald Barth wrote:
> 
> 
>> Normally, we solve this by making a ~/.ssh/private/, moving the private 
>> keys into it, and then making symlinks from the old locations to the new 
>> ones, and set the ACLs to something like (for user "erlkonig"):
> 
> Does that really help? Aren't all directories equally "writable" according
> to the mode bits? (Disclaimer: I have no Mac here)
> 
> 

I'll admit that I was speaking from a Linux/AFS perspective - but in that
environment, as I suspect would be similar in other Unixen like Mac OS X,
the AFS filesystem semantics overrule the normal Unix filesystem semantics. 
Hence quirks like "other" rights (------rwx) being basically ignored in
favor of the ACLs and so forth.  

Hence, SSH, with no special knowledge of AFS, was still completely bound by
AFS filesystem semantics, and the desired hiding of the private SSH files
worked just fine.


Harald Barth wrote:
> 
> 
> PS: Und bist du nicht willig, so brauch' ich Gewalt
>     http://de.wikisource.org/wiki/Erlk%C3%B6nig
> 
> 

Ach, natuerlich - Ursprung meines Kontonamens.
-- 
View this message in context: http://www.nabble.com/User-friendly-Mac-OS-X-patch-causes-SSH-hardship-tf3188852.html#a9747968
Sent from the OpenAFS - Dev mailing list archive at Nabble.com.