[OpenAFS] OS X, AFS Home Directories and SSH/Unix Permissions

Derrick Brashear shadow@gmail.com
Tue, 13 Apr 2010 19:02:54 -0400


On Tue, Apr 13, 2010 at 4:59 PM, Jacob Ela <ela@cs.wisc.edu> wrote:
> Greetings All,
>
> I've been looking for some information on this because someone else has probably run into a similar issue, but I haven't found much that is recent or pointed towards solving the problem - though I've found some old email that suggests where this originates from...
>
> I've got a Mac Mini lab running OSX 10.6.2 and OpenAFS 1.4.11 (but also have seen this on a MacBook running 10.6.3 and 1.5.73.3). User's home directories live in AFS, and users get Kerberos/AFS credentials at login.
>
> I'm seeing on the Macs that all the unix file permissions on files in AFS are shown as 666, and from the old emails I've found I'm just guessing that this is to make AFS ACL's play nicely with the Finder (or rather the other way around).
>
> This has the unfortunate side effect that my users can't use SSH on the Macs, as the reported permissions on their ~/.ssh/config file suggest it is group and world writable. This causes SSH to error out when a user attempts to connect to another computer because of insecure config file permissions. Trying to chmod the file from a Mac doesn't change the unix permissions as they are reported to the Mac, though Linux hosts can see these new permissions.
>
> Has anyone run into something like this? Is there a way to change the permissions AFS reports to OSX, or is there a work around I'm failing to see?

Check out the RealModes setting. Edit
/var/db/openafs/etc/config/settings.plist, and rerun
/var/db/openafs/etc/config/afssettings as root.


--
Derrick
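
A way to confirm that the reported modes no longer trip SSH after the settings change, as an added example that is not part of the original messages. It mirrors the group/world-write test (st_mode & 022) that OpenSSH applies to ~/.ssh/config; the function names are hypothetical, and the owner check SSH also performs is left out.

```shell
# Added example (not from the thread): check the mode bits the client OS
# reports for a file, the same bits ssh inspects on ~/.ssh/config.

# Returns 0 when neither group-write (020) nor world-write (002) is reported,
# 1 when either bit is set, 2 when the file does not exist.
ssh_mode_ok() {
    f=$1
    [ -e "$f" ] || { echo "missing: $f" >&2; return 2; }
    # "-perm -MODE" is POSIX and behaves the same in BSD (OS X) and GNU find,
    # unlike stat(1), whose format flags differ between the two.
    hit=$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$hit" ]
}

# Report on each file given; returns non-zero if any file would be rejected.
check_ssh_files() {
    rc=0
    for f in "$@"; do
        if ssh_mode_ok "$f"; then
            echo "ok        $f"
        else
            echo "REJECTED  $f (missing, or reported group/world writable)"
            rc=1
        fi
    done
    return $rc
}

# Typical use on the Mac, before and after rerunning afssettings:
#   check_ssh_files "$HOME/.ssh/config"
```

With every file in AFS reported as 666, the config file shows as REJECTED; once the client reports the real mode bits, a file that was chmod'ed to 600 from any host shows as ok.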