[OpenAFS] anon FTP upload directory ACL

Russ Allbery rra@stanford.edu
Sat, 01 Jun 2002 14:03:14 -0700


Turbo Fredriksson <turbo@bayour.com> writes:

> The following works, in the sence that it's possible to cd into the
> directory, it is possible to upload file(s), it's not possible to delete
> or view/download files. BUT, i can view the directory..

>         Normal rights:
>           system:administrators rlidwka
>           system:anyuser liw

> Using ACL 'riw' WOULD give me what I want, but it seem like it isn't
> working...

You can't not give a user l permission on directories in AFS and have them
do anything useful, unfortunately.  l permission appears to combine the
equivalents of read and execute permission on directories in a typical
Unix file system, so without l permission the user cannot traverse the
directory to do anything with the contents.

liw is probably about the best that you can do, unless you *have* to allow
read, in which case I'm not sure you can do what you want in AFS.

(Personally, I'd recommend putting your incoming directory on local disk
and mounting it over AFS with a loopback mount, just because this is one
of those things that AFS isn't all that good at, but that may or may not
work for your application.)

Note that you need to be sure to disable mkdir in your FTP server, since
otherwise with i permission in the parent directory, the anonymous FTP
user can create a subdirectory, which will then be owned by someone you
don't want it to be owned by, and the Unix owner of the directory can then
change the ACLs on that directory.  Probably not *easy* to exploit, but
I'd worry some about it.

> It also seems like the FS is 'caching' the ACL's... The changes don't
> apply right away... It takes a little while (how long?) for it to take
> effect...

No idea what's going on there.  Does fs flush . cause the changes to show
up right away?

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>