[OpenAFS] OS X, AFS Home Directories and SSH/Unix Permissions

Jason Edgecombe jason@rampaginggeek.com
Wed, 14 Apr 2010 18:30:42 -0400


Derrick Brashear wrote:
> On Tue, Apr 13, 2010 at 4:59 PM, Jacob Ela <ela@cs.wisc.edu> wrote:
>   
>> Greetings All,
>>
>> I've been looking for some information on this because someone else has probably run into a similar issue, but I haven't found much that is recent or pointed towards solving the problem - though I've found some old email that suggests where this originates from...
>>
>> I've got a Mac Mini lab running OSX 10.6.2 and OpenAFS 1.4.11 (but also have seen this on a MacBook running 10.6.3 and 1.5.73.3).  Users' home directories live in AFS, and users get Kerberos/AFS credentials at login.
>>
>> I'm seeing on the Macs that all the unix file permissions on files in AFS are shown as 666, and from the old emails I've found I'm just guessing that this is to make AFS ACLs play nicely with the Finder (or rather the other way around).
>>
>> This has the unfortunate side effect that my users can't use SSH on the Macs, as the reported permissions on their ~/.ssh/config file suggest it is group and world writable.  This causes SSH to error out when a user attempts to connect to another computer because of insecure config file permissions.  Trying to chmod the file from a Mac doesn't change the unix permissions as they are reported to the Mac, though Linux hosts can see these new permissions.
>>
>> Has anyone run into something like this?  Is there a way to change the permissions AFS reports to OSX, or is there a workaround I'm failing to see?
>>     
>
> Check out the RealModes setting. Edit
> /var/db/openafs/etc/config/settings.plist, and rerun
> /var/db/openafs/etc/config/afssettings as root.
>
>
>   
Is this documented somewhere?

Jason