[OpenAFS] Re: security of virtual web servers on afs

Benjamin Kaduk kaduk@MIT.EDU
Wed, 12 Dec 2012 23:16:52 -0500 (EST)



On Wed, 12 Dec 2012, Andrew Deason wrote:

> On Wed, 12 Dec 2012 15:44:29 +0100
> Michal Švamberg <svamberg@gmail.com> wrote:
>
>> Is there some reasonable advice, how to separate virtual web
>> servers on AFS from each others?
>
> In addition to what Stanford does, MIT does (or used to do) something
> somewhat similar with their 'scripts' site. It's not simple, and I don't
> really remember how it works, but they have a page describing it here:
> <http://scripts.mit.edu/wiki/Technical_overview_of_scripts.mit.edu>

Scripts is interesting because it is done with little/no coordination with
central IT.  I believe the setup that Russ describes is done with the
coordination of central IT, so it can be a little more elegant.  For
Scripts, there is a single PTS identity for the entire service, which has
read/write permissions on a subdirectory in user volumes (granted when the
user signs up for the service).  A kernel module patch on the web servers
enforces privilege separation between sites.  I suppose an IP acl could
perform the same role as the 'daemon.scripts' identity does at MIT, though
IP acls have the occasional subtlety that is not present for normal
principals.

Mail to scripts@mit.edu will open a ticket for tracking more conversation
about the technical details, if you are interested.  Do note that
scripts.mit.edu is a student-run service, and final examinations are next
week, so the response time may not be great right away.

-Ben Kaduk
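The model Ben describes, one service identity (daemon.scripts) holding write access on a subdirectory of every subscribed user's volume, or an IP ACL host entry standing in for it, is easy to drift: a user may widen the grant, or forget a negative entry only partly cancels it. The following is an added audit script, not code from the thread or from scripts.mit.edu. It parses captured `fs listacl` output (the real "Access list for ... is" / "Normal rights:" / "Negative rights:" layout) and reports every directory where the service principal or any IP-ACL host entry (a dotted-quad PTS name) still holds a write-class right. The sample output below, the cell name example.edu and the host 192.0.2.10 are constructed for the example; daemon.scripts is the identity named in the message. Effective rights are computed per entry only; real AFS also unions rights across every entry matching a caller (user, groups and host), which the audit does not need.

```python
"""Audit AFS ACLs for a shared web-service identity (added example).

Feed it concatenated `fs listacl` output, e.g.
    find /afs/example.edu/user -maxdepth 4 -name web_scripts \
        -exec fs listacl {} \; > acls.txt
and it lists every directory where daemon.scripts or an IP-ACL host
entry can still write.
"""
import re
from dataclasses import dataclass, field

# AFS directory rights are r l i d w k a.  Anything beyond r (read) and
# l (lookup) lets the holder alter content or the ACL itself, so treat
# i (insert), d (delete), w (write), k (lock) and a (administer) as
# write-class for audit purposes.
WRITE_CLASS = set("idwka")
RIGHT_ORDER = "rlidwka"
# IP-ACL host entries are PTS users named by dotted-quad address.
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Acl:
    path: str
    normal: dict = field(default_factory=dict)
    negative: dict = field(default_factory=dict)

    def effective(self, name):
        """Rights NAME keeps after its negative entry is subtracted."""
        return set(self.normal.get(name, "")) - set(self.negative.get(name, ""))


def parse_listacl(text):
    """Parse `fs listacl` output for one or more directories."""
    acls = []
    current = None
    section = None
    for line in text.splitlines():
        m = re.match(r"^Access list for (.+) is\s*$", line)
        if m:
            current = Acl(m.group(1))
            acls.append(current)
            section = None
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped == "Normal rights:":
            section = current.normal
        elif stripped == "Negative rights:":
            section = current.negative
        elif section is not None and stripped:
            name, rights = stripped.split()
            section[name] = rights
    return acls


def service_writers(acls, service="daemon.scripts"):
    """Return (path, grantee, effective rights) for every directory where
    the service principal or an IP-ACL host entry holds a write-class right."""
    hits = []
    for acl in acls:
        for name in acl.normal:
            if name != service and not IPV4.match(name):
                continue
            eff = acl.effective(name)
            if eff & WRITE_CLASS:
                rights = "".join(sorted(eff, key=RIGHT_ORDER.index))
                hits.append((acl.path, name, rights))
    return hits


# Constructed sample: two normal grants, one grant partly cancelled by a
# negative entry (insert survives, so it is still write-class), and one
# IP-ACL host entry standing in for the service identity.
SAMPLE = """\
Access list for /afs/example.edu/user/j/joe/web_scripts is
Normal rights:
  system:administrators rlidwka
  joe rlidwka
  daemon.scripts rlidwk
Access list for /afs/example.edu/user/j/joe/Private is
Normal rights:
  joe rlidwka
  daemon.scripts rl
Access list for /afs/example.edu/user/a/ann/web_scripts is
Normal rights:
  ann rlidwka
  daemon.scripts rlidwk
Negative rights:
  daemon.scripts dwk
Access list for /afs/example.edu/user/b/bob/web_scripts is
Normal rights:
  bob rlidwka
  192.0.2.10 rlidwk
"""

if __name__ == "__main__":
    for path, who, rights in service_writers(parse_listacl(SAMPLE)):
        print(f"{path}: {who} has {rights}")
```

Run against real output, the script flags ann's directory even though she added a negative entry, because the remaining insert right is enough to drop files into the web root; that is the kind of subtlety a per-site audit has to catch.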