[OpenAFS] ACLs and open-afs

Hartmut Reuter reuter@rzg.mpg.de
Tue, 15 Oct 2002 10:13:17 +0200


The problem of restricting access to files in directories with rl-rights
for system:anyuser could be solved by a different implementation in the
fileserver: We did this for MR-AFS in the way that the mode-bits for
"other" restrict the access for system:anyuser. The problem here is that
users have been told too long that the mode-bits for "group" and "other"
are worthless in AFS and they mostly are set randomly. Therefore we
require the fileserver to be started with an option "-modebits" in order
to enable this feature.

This could easily be implemented in OpenAFS as well.

Hartmut

Friedrich Delgado Friedrichs wrote:
> Hi!
>
> Derek Atkins schrieb:
>
>>Friedrich Delgado Friedrichs <6delgado@informatik.uni-hamburg.de> writes:
>>
>>>Derrick J Brashear schrieb:
>>>
>>>>Of course the thing you're all neglecting is the bit where unless you have
>>>>your AFS traffic encrypted, you already screwed yourself by having
>>>>.Xauthority in AFS.
>>>
>>>Hm. What is harder, breaking AFS traffic encryption or guessing xauth
>>>cookies? Might be worth some research...
>>
>>Who has to break encryption?  If your homedir is "system:anyuser rl"
>>then I can just read the file.
>
> I think the point here was that even *if* the homedir is
> "system:anyuser l" or less, *and* afs traffic is transmitted via an
> untrusted network, somebody could snoop the afs traffic and get the
> file contents. This is where encryption starts to be of any concern at
> all.
>
> If the directory is "system:anyuser rl", encryption is of course
> pointless.
>
>
>>The real answer is that SSH should be modified (or configured) to
>>create a random .Xauthority file in /tmp (or /tmp/$USER)
>
> Which is of course possible.
>
> Ceterum censeo, there are too many client programs that store sensible
> data in $HOME, that rely on unix file protection. Therefore, $HOME
> should never be "rl" for anybody other than the user and
> "system:administrators".
>
> This cannot be solved by *one* program doing the right thing with
> respect to afs acls.
>
> The alternative would be to patch or reconfigure every client program
> that stores sensible data in $HOME. gpg, pgp, ssh, bash and possibly
> some others come to mind here.
>
> Just my 2¢
>      Friedel


-- 
-----------------------------------------------------------------
Hartmut Reuter                           e-mail reuter@rzg.mpg.de
                                         phone +49-89-3299-1328
RZG (Rechenzentrum Garching)               fax   +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------
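To make the "-modebits" idea above concrete for readers who have not seen MR-AFS: the following is an added, constructed model of that access check. It is not MR-AFS or OpenAFS fileserver code, and the mapping it assumes between AFS rights and the "other" mode bits (r needs o+r; w, i and d need o+w; l, k and a are left alone) is an assumption chosen for the example, as are the sample ACL and the user name "friedel". Negative ACL entries and system:authuser are ignored to keep the model short.

```python
"""
Constructed model of the "-modebits" proposal: rights that a request
obtains only through the system:anyuser ACL entry are further restricted
by the file's "other" mode bits when the fileserver runs with -modebits.

This is illustrative code written for this thread, not OpenAFS/MR-AFS
source. Assumed mapping of AFS rights to the "other" mode bits:
  r        needs o+r
  w, i, d  needs o+w
  l, k, a  unaffected
"""
import stat

AFS_RIGHTS = set("rlidwka")


def parse_rights(spec: str) -> set:
    """Turn an ACL rights string such as "rl" or "rlidwka" into a set."""
    rights = set(spec)
    unknown = rights - AFS_RIGHTS
    if unknown:
        raise ValueError(f"unknown AFS right(s): {''.join(sorted(unknown))}")
    return rights


def modebits_allowed(mode: int) -> set:
    """Rights the "other" mode bits permit, under the assumed mapping."""
    allowed = {"l", "k", "a"}
    if mode & stat.S_IROTH:
        allowed.add("r")
    if mode & stat.S_IWOTH:
        allowed |= {"w", "i", "d"}
    return allowed


def effective_rights(acl: dict, user: str, groups: set, mode: int,
                     modebits: bool = False) -> set:
    """
    acl:      directory ACL, e.g. {"system:anyuser": "rl", "friedel": "rlidwka"}
    user:     requesting principal ("anonymous" for an unauthenticated client)
    groups:   pts groups the principal belongs to
    mode:     unix mode of the file being accessed (ACLs live on the directory)
    modebits: whether the fileserver was started with -modebits
    """
    named = set()
    for entry, spec in acl.items():
        if entry == user or entry in groups:
            named |= parse_rights(spec)
    # Rights granted to everyone; these are the ones -modebits restricts.
    anyuser = parse_rights(acl.get("system:anyuser", ""))
    if modebits:
        anyuser &= modebits_allowed(mode)
    return named | anyuser


if __name__ == "__main__":
    # Constructed sample: a $HOME that is "system:anyuser rl" and a
    # .Xauthority created by xauth with mode 0600.
    home_acl = {"system:anyuser": "rl", "friedel": "rlidwka"}
    for flag in (False, True):
        got = "".join(sorted(effective_rights(home_acl, "anonymous", set(),
                                              0o600, modebits=flag)))
        print(f"-modebits={flag!s:5}  anonymous on .Xauthority -> {got}")
```

Running it shows the two situations the message contrasts: without the option the anonymous reader gets "lr" on .Xauthority despite its 0600 mode, with it only "l". A file whose mode was set "randomly" to 0644 stays readable even with -modebits, which is exactly why the option has to be opt-in rather than the default.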