[OpenAFS] anon FTP upload directory ACL

Chuck Boeheim boeheim@SLAC.Stanford.EDU
Sat, 01 Jun 2002 20:25:49 -0700 (PDT)


We have run our anonymous incoming directory at SLAC in AFS for
years.  The ACLs are:

Access list for . is
Normal rights:
  system:administrators rlidwka
  system:authuser rlidwk
  system:anyuser li

Remote users are able to deposit files, and users here can retrieve
them.  The instructions we provide to users are at
http://www.slac.stanford.edu/comp/unix/ftp.html.
We can testify that this works pretty well.

We do two additional things to make this work well.  One is to
run a cron job frequently to change the owner of any anonymously
created directory and fix up any bad ACLs that creep in,
and the other automatically deletes files after three days to
keep it tidy.

We've considered the default admin privilege of the owner of a
directory to be a bug for years, and have requested a number of
times that Transarc change it as a security hole.  They've never
seen it the same way that we have.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Chuck Boeheim    Stanford Linear Accelerator Center     650-926-4640
SLAC Computing Services Assistant Director Boeheim@SLAC.Stanford.Edu
Contact info & PGP key:        http://www.slac.stanford.edu/~boeheim
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

On Sat, 1 Jun 2002, Derek Atkins wrote:

> From a security standpoint I think it's a good idea to have this
> functionality.  I'd like to see it in OpenAFS.
>
> -derek
>
> Garry Zacheiss <zacheiss@MIT.EDU> writes:
>
> > >> > ISTR there were two ways of doing implicit-admin.  One was by directory
> > >> > ownership, the other was volume ownership.  I thought in the end it was
> > >> > by-volume, but perhaps that was just an MIT Security patch that was
> > >> > never accepted back into the mainline (and yes, IMHO it is a security
> > >> > bug that you mkdir foo and then control the acl on foo).
> > >>
> > >> I'm definitely inclined to agree with you; I can't ever remember wanting
> > >> the current behavior as opposed to just watching out for it.  Maybe that
> > >> patch should go into OpenAFS.
> >
> >    The patch Derek refers to is definitely an MIT-local patch that was
> > never accepted back by Transarc.  If there's interest in it, I can
> > happily commit it to the OpenAFS mainline, although I wouldn't expect it
> > to appear in a stable release until 1.4.x.
> >
> > Garry
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
>
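
The cron sweep described in the message above (re-own anonymously created directories, repair drifted ACLs, expire old files), sketched as an added example that is not SLAC's script and not part of the original post. The `INCOMING_ROOT` and `FTP_OWNER` variables and the `ftpadmin` account are hypothetical, and the job is assumed to run with AFS tokens for a member of system:administrators.

```shell
#!/bin/sh
# Added example: not SLAC's script. WANT is the ACL quoted in the post,
# one "principal rights" pair per line, in LC_ALL=C sort order.
WANT='system:administrators rlidwka
system:anyuser li
system:authuser rlidwk'

# Reduce `fs listacl` output on stdin to sorted "principal rights" lines.
# Negative-rights entries get a "-" prefix so they always count as drift.
normalize_acl() {
    awk '/^Access list for/  { next }
         /^Normal rights:/   { neg = "";  next }
         /^Negative rights:/ { neg = "-"; next }
         NF == 2             { print neg $1, $2 }' | LC_ALL=C sort
}

# Exit status 0 when the ACL on stdin differs from WANT.
acl_drifted() {
    [ "$(normalize_acl)" != "$WANT" ]
}

# Sweep the tree under $1. FTP_OWNER (default "ftpadmin") is a hypothetical
# account; the job is assumed to hold tokens for a system:administrators member.
sweep() {
    owner=${FTP_OWNER:-ftpadmin}
    # Take ownership away from whoever created the directory, which removes
    # the creator's implicit admin right on it.
    find "$1" -type d ! -user "$owner" -exec chown "$owner" {} +
    # Reset any ACL that no longer matches the intended one.
    find "$1" -type d | while IFS= read -r dir; do
        if fs listacl -path "$dir" | acl_drifted; then
            fs setacl -dir "$dir" -clear -acl system:administrators rlidwka \
                system:authuser rlidwk system:anyuser li
        fi
    done
    # Retention: remove files last modified three or more days ago.
    find "$1" -type f -mtime +2 -exec rm -f {} +
}

# INCOMING_ROOT is an assumed variable; nothing runs unless it is set.
if [ -n "${INCOMING_ROOT:-}" ]; then sweep "$INCOMING_ROOT"; fi
```

Because the comparison is against the whole normalized ACL, an added principal, widened rights, or any negative entry all trigger the same `-clear` reset.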