[OpenAFS] OpenAFS and SELinux?
Christopher D. Clausen
cclausen@acm.org
Sun, 30 Mar 2008 17:14:55 -0500
Jason Edgecombe <jason@rampaginggeek.com> wrote:
> Joshua Hutchins wrote:
>> Harald Barth wrote:
>>>> I'm concerned that a hacked mail server could lead to compromise of
>>>> the server key, which would then compromise the entire cluster.
>>>
>>> I know that there are folks out there which deliver email into AFS
>>> and not all of you do it by distributing the server key to the email
>>> server, don't you? So how do you do it?

I was doing this by having separate mail.<user> volumes with an ACL
allowing the mail server itself (not an IP ACL, a keytab used by k5start
was created) to create, insert, lookup, etc. in specific directories as
required by the mail server. The separate volume was needed to NOT
grant users "a" to prevent someone who knows what they were doing from
mounting another user's mail volume under their own and reading the
contents. It was also done to mount these volumes at a specific
location and have the mail server chroot there. This also required
disabling exec-ing commands with procmail and .forward files and other
precautions to prevent access to other users' data. It also required
using the maildir format, as MBOX files don't work so well in AFS.

The IMAP server I was using (dovecot) supported PAM and one could
actually have it obtain tokens on behalf of the user in order to read /
delete email.

This worked for me but it was slow and I do not have a lot of email.
This setup has also been taken down as there were very few people who
cared about it.

> I would highly recommend splitting the mail server from the file
> server. Use Xen/VMware or something else to make two virtuals if you
> don't have a spare box.
>
> selinux works fine with OpenAFS clients, but I haven't run it on
> servers before.

I too would recommend NOT running the email server on an AFS fileserver
directly. (Or nearly any other service, with the possible exceptions of
a KDC or an AFS backup process.)

<<CDC
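
Added example, not part of the original post: a small audit of `fs listacl` output for a per-user mail directory, checking the two properties described in the message above (no "a" right for ordinary users, and working rights for the mail server's own principal). The principal name `mailsvc`, the path, the minimum rights `li` and both sample listings are constructed assumptions.

```python
ADMIN_GROUP = "system:administrators"

def parse_listacl(text):
    """Parse `fs listacl` output into normal and negative rights per principal."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Normal rights"):
            section = "normal"
        elif s.startswith("Negative rights"):
            section = "negative"
        elif section and len(s.split()) == 2:
            who, rights = s.split()
            acl[section][who] = set(rights)
    return acl

def audit_mail_acl(text, mail_principal, required="li"):
    """Return findings for a mail directory ACL; an empty list means it passes."""
    acl = parse_listacl(text)
    findings = []
    for who, rights in acl["normal"].items():
        effective = rights - acl["negative"].get(who, set())
        if "a" in effective and who != ADMIN_GROUP:
            findings.append(f"{who} holds 'a' and can change the ACL")
    have = acl["normal"].get(mail_principal, set())
    have = have - acl["negative"].get(mail_principal, set())
    missing = set(required) - have  # 'required' is an assumed minimum
    if missing:
        findings.append(f"{mail_principal} lacks {''.join(sorted(missing))}")
    return findings

# Constructed sample listings (not captured from a real cell).
GOOD = """Access list for /afs/example.org/mail/alice is
Normal rights:
  system:administrators rlidwka
  mailsvc rlidwk
  alice rlidwk
"""
BAD = GOOD.replace("alice rlidwk", "alice rlidwka").replace(
    "mailsvc rlidwk", "mailsvc rl")

if __name__ == "__main__":
    for name, listing in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_mail_acl(listing, "mailsvc"))
```

`fs listacl` does not show the implicit "a" right that AFS gives a directory's owner, so directory ownership has to be checked separately.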