[OpenAFS] AFS/UNIX attributes, home directories in AFS
Adam Done
donestudios@gmx.net
Mon, 15 Sep 2003 14:25:50 -0700
--=-+5Svk95bzoDPyIZqje5o
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
On Mon, 2003-06-23 at 20:49, Derrick J Brashear wrote:
> On Mon, 23 Jun 2003, John Gruenenfelder wrote:
>
> > 1) After reading the sections on how AFS handles UNIX file attributes, I am
> > still a little uncertain as to how it behaves. In particular, some of the
> > docs read as though most of the UNIX file attributes are ignored for files,
> > since ACLs are at the directory level.
> >
> > This would be of concern in home directories. For example, in $HOME/.ssh
> > there are files which must be readable by all (public key) and others which
> > must not be publicly readable (private key). This can't be handled by
> > directory level ACLs and needs the UNIX permissions instead. I'm assuming
> > this must work on AFS home dirs, but the docs were confusing. Does it work?
>
> UNIX file permissions are advisory in AFS. If you rely on them, you *will*
> be sad.
>
> mkdir .ssh
> mkdir .ssh/private
> fs sa .ssh system:anyuser rl
> fs sa .ssh/private me all -clear
> cd .ssh
> ln -s private/whatever .
Can one still have unix home directories in AFS infrastructor with all
the access rights and all? This is very important to applications who
need to create conf files and other important information.
-Adam
--=-+5Svk95bzoDPyIZqje5o
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.0.8">
</HEAD>
<BODY>
On Mon, 2003-06-23 at 20:49, Derrick J Brashear wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE><FONT COLOR="#737373"><I>On Mon, 23 Jun 2003, John Gruenenfelder wrote:
> 1) After reading the sections on how AFS handles UNIX file attributes, I am
> still a little uncertain as to how it behaves. In particular, some of the
> docs read as though most of the UNIX file attributes are ignored for files,
> since ACLs are at the directory level.
>
> This would be of concern in home directories. For example, in $HOME/.ssh
> there are files which must be readable by all (public key) and others which
> must not be publicly readable (private key). This can't be handled by
> directory level ACLs and needs the UNIX permissions instead. I'm assuming
> this must work on AFS home dirs, but the docs were confusing. Does it work?
UNIX file permissions are advisory in AFS. If you rely on them, you *will*
be sad.
mkdir .ssh
mkdir .ssh/private
fs sa .ssh system:anyuser rl
fs sa .ssh/private me all -clear
cd .ssh
ln -s private/whatever .</I></FONT></PRE>
</BLOCKQUOTE>
<BR>
Can one still have unix home directories in AFS infrastructor with all the access rights and all? This is very important to applications who need to create conf files and other important information. <BR>
<BR>
-Adam
</BODY>
</HTML>
--=-+5Svk95bzoDPyIZqje5o--