[OpenAFS] AFS FTP Permissions

Charles Clancy security@xauth.net
Mon, 18 Mar 2002 11:53:12 -0600 (CST)


> I created a login to use for FTP'ing to my AFS server. The login name
> is a member of system:administrators group, has 'ADMIN' flags,
> although cannot write new data to volumes. I'm running open-afs
> version 1.2.2 on RedHat 7.1. Could this be an OS related issue? I did
> not have this problem when running on Solaris 2.6. Any information
> would be greatly appreciated.

Well, if it's just for FTP, there's no reason to have the ADMIN flag set.
That's just for kas interaction.

What FTP server are you using?  I've found that for things running out of
inetd, something like

ftp stream tcp nowait root /usr/afsws/bin/pagsh pagsh -c /usr/sbin/wu.ftpd

helps make sure a PAG is set (requires modification for RH's xinetd).  I
assume you're using AFS PAM for ftp authentication?

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]