[OpenAFS] OS X, AFS Home Directories and SSH/Unix Permissions

Jacob Ela ela@cs.wisc.edu
Tue, 13 Apr 2010 15:59:17 -0500

Greetings All,

I've been looking for some information on this because someone else has =
probably run into a similar issue, but I haven't found much that is =
recent or pointed towards solving the problem - though I've found some =
old email that suggests where this originates from...

I've got a Mac Mini lab running OSX 10.6.2 and OpenAFS 1.4.11 (but also =
have seen this on a MacBook running 10.6.3 and  User's home =
directories live in AFS, and users get Kerberos/AFS credentials at =
login. =20

I'm seeing on the Macs that all the unix file permissions on files in =
AFS are shown as 666, and from the old emails I've found I'm just =
guessing that this is to make AFS ACL's play nicely with the Finder (or =
rather the other way around). =20

This has the unfortunate side effect that my users can't use SSH on the =
Macs, as the reported permissions on their ~/.ssh/config file suggest it =
is group and world writable.  This causes SSH to error out when a user =
attempts to connect to another computer because of insecure config file =
permissions.  Trying to chmod the file from a Mac doesn't change the =
unix permissions as they are reported to the Mac, though Linux hosts can =
see these new permissions. =20

Has anyone run into something like this?  Is there a way to change the =
permissions AFS reports to OSX, or is there a work around I'm failing to =

Thanks for any help,
Jacob Ela
Computer Systems Lab
University of Wisconsin-Madison