[OpenAFS] ftp overrides AFS permissions
Christopher Allen Wing
wingc@engin.umich.edu
Tue, 30 Mar 2004 09:54:02 -0500 (EST)

Sure, the usual cause of this problem is that you logged in as root,
obtained a PAG and an administrator token, and then started the FTP
server. In this case the FTP server will inherit the PAG and tokens.

The solution is to never start a daemon process as root if you have AFS
tokens.

Here is a program that when run as root will remove the current PAG:

http://www-personal.engin.umich.edu/~wingc/code/unpagsh.c

When restarting a daemon process, what I usually do first is:

1. Become root
2. Run 'unpagsh' to drop any PAG
3. Run 'tokens' to make sure that the default PAG for root does
   not have tokens

-Chris Wing
wingc@engin.umich.edu

On Tue, 30 Mar 2004, J S wrote:
> Hi,
>
> I have noticed that when I ftp to a host with an AFS client as my normal
> userid, I can cd/del/put into AFS directories where I don't have
> permissions. I can do this even though I haven't logged on to AFS. The root
> userid on this box has administrator privileges on AFS but I'm ftp'ing with
> my own userid.
>
> Does anyone get this?
>
> Thanks for any help.
>
> Ed.
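
The check in step 3 of the reply above can be automated so that a daemon is never started while tokens are still held. The following is an added example, not part of the original thread and not the code of unpagsh.c. The function names, the TOKENS_CMD override and the example.org cell are hypothetical, and the `tokens` output line shape it parses is an assumption shown in the comments.

```shell
#!/bin/sh
# Pre-flight check before (re)starting a daemon as root: refuse to start if
# the current PAG still holds AFS tokens, because the daemon inherits them.

# count_afs_tokens: read `tokens` output on stdin, print how many unexpired
# token entries it lists. Assumed entry shape:
#   User's (AFS ID 1001) tokens for afs@example.org [Expires Mar 31 10:00]
# Entries marked [>> Expired <<] grant no access and are not counted.
count_afs_tokens() {
    awk '/[Tt]okens for / && !/>> Expired <</ { n++ } END { print n + 0 }'
}

# start_without_tokens CMD [ARGS...]: run CMD only if no tokens are held.
# TOKENS_CMD (hypothetical) replaces the real `tokens` binary for offline runs.
start_without_tokens() {
    # Fail closed: if `tokens` cannot be run, do not start the daemon.
    out=$(${TOKENS_CMD:-tokens}) || { echo "cannot run tokens" >&2; return 2; }
    held=$(printf '%s\n' "$out" | count_afs_tokens)
    if [ "$held" -ne 0 ]; then
        echo "refusing to start $1: $held AFS token(s) still held" >&2
        return 1
    fi
    "$@"
}

# Constructed sample outputs (not captured from a real system).
sample_with_token() {
    printf '%s\n' 'Tokens held by the Cache Manager:' '' \
        "User's (AFS ID 1001) tokens for afs@example.org [Expires Mar 31 10:00]" \
        '   --End of list--'
}
sample_expired() {
    printf '%s\n' 'Tokens held by the Cache Manager:' '' \
        "User's (AFS ID 1001) tokens for afs@example.org [>> Expired <<]" \
        '   --End of list--'
}
sample_empty() {
    printf '%s\n' 'Tokens held by the Cache Manager:' '' '   --End of list--'
}
```

In an init script this would wrap the daemon's start command, run after the PAG has been dropped.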