[OpenAFS] home on afs woes

Lester Barrows barrows@email.arc.nasa.gov
Wed, 4 Jan 2006 13:16:00 -0800

On Wednesday 04 January 2006 12:42 pm, Douglas E. Engert wrote:
> The problem is not about ACLs on files or directories, it's more about
> allowing world readable access to what some might consider sensitive data.
> I still would not like the .k5login world readable.
> What I meant about NFS vs AFS is that both have to live in a unix world
> where the system daemons are run as root, and unix code assumes root
> automatically has read access to the home directory in all cases. A protected
> NFS home directory has the same problem as an AFS home directory.

To a degree there is still an issue, but for the common case per-file ACLs 
would be a big step forward. Eliminating world read access to the .k5login 
while allowing some form of authentication purely to access it would seem to 
involve more logic than per-file ACLs. How does the server know when to allow 
access to just this file, and to whom? Per-file ACLs would probably be a good 
starting point. Such files could then be specially flagged, such that the 
server could recognize them as being used with the authorization system.

With AFS we have to decide whether to allow the world to read the entire top 
level of a home directory, or to always require the username and password for 
each login. At the moment I've chosen the latter, since the former requires 
vigilance on the part of the user that I'm not comfortable with counting on.

Best regards,
Lester Barrows