[OpenAFS] controlling access to backup volumes

Derek Atkins warlord@MIT.EDU
Mon, 19 Mar 2007 04:56:51 -0400


Adam Megacz <megacz@cs.berkeley.edu> writes:

> If a user removes a file (or restricts access to it by changing an
> ACL), and the file existed prior to the most recent "vos backup", that
> file will still be accessible via the backup volume.

Correct.

> The backup volume can be mounted beneath a directory with a very
> restrictive ACL, but it seems that other users in the same cell could
> circumvent this by simply creating a new mount point for the backup
> volume somewhere else.

It's not even limited to other uses in the same cell..  Someone in
ANOTHER cell could mount it, too!  Granted, they could only gain
the rights that they can authenticate to, so generally it's only
an issue for system:anyuser (or system:authuser@cell) acls.

> So, is there any way to make a backup volume less accessible than its
> rw?  If not, then it means that reducing access to any backed-up file
> always has to wait until the next backup...

Nope, there's not.  And your analysis is correct.

>   - a

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available