[OpenAFS] OS X, AFS Home Directories and SSH/Unix Permissions

[Jacob Ela]

That's what I missed.  Looks like it did the trick - I'll try it on the =
lab tomorrow.

Thanks!

Jacob Ela
Computer Systems Lab
University of Wisconsin-Madison
ela@cs.wisc.edu



On Apr 13, 2010, at 6:02 PM, Derrick Brashear wrote:

> On Tue, Apr 13, 2010 at 4:59 PM, Jacob Ela <ela@cs.wisc.edu> wrote:
>> Greetings All,
>>=20
>> I've been looking for some information on this because someone else =
has probably run into a similar issue, but I haven't found much that is =
recent or pointed towards solving the problem - though I've found some =
old email that suggests where this originates from...
>>=20
>> I've got a Mac Mini lab running OSX 10.6.2 and OpenAFS 1.4.11 (but =
also have seen this on a MacBook running 10.6.3 and 1.5.73.3).  User's =
home directories live in AFS, and users get Kerberos/AFS credentials at =
login.
>>=20
>> I'm seeing on the Macs that all the unix file permissions on files in =
AFS are shown as 666, and from the old emails I've found I'm just =
guessing that this is to make AFS ACL's play nicely with the Finder (or =
rather the other way around).
>>=20
>> This has the unfortunate side effect that my users can't use SSH on =
the Macs, as the reported permissions on their ~/.ssh/config file =
suggest it is group and world writable.  This causes SSH to error out =
when a user attempts to connect to another computer because of insecure =
config file permissions.  Trying to chmod the file from a Mac doesn't =
change the unix permissions as they are reported to the Mac, though =
Linux hosts can see these new permissions.
>>=20
>> Has anyone run into something like this?  Is there a way to change =
the permissions AFS reports to OSX, or is there a work around I'm =
failing to see?
>=20
> Check out the RealModes setting. Edit
> /var/db/openafs/etc/config/settings.plist, and rerun
> /var/db/openafs/etc/config/afssettings as root.
>=20
>=20
> --=20
> Derrick