AFS access permissions and OSX interaction

David Botsch dwb7 at ccmr.cornell.edu
Mon Aug 18 19:25:52 CEST 2003


Right. It's because of a bug in the Finder that always looks at UNIX 
uids and access perms to predetermine if you can access files and 
folders.

OpenAFS 1.2.10 incorporates a patch which works around this problem 
(and a version of 1.2.9 was released with the patches compiled in).

Essentially, the patch sets the file perms so that the Finder thinks 
you have access, thus allowing the Finder to actually try and access the 
file/dir and let AFS allow or deny access based on its perms and your 
tokens.

On 2003.08.18 12:06 Tino Schwarze wrote:
> On Mon, Aug 18, 2003 at 09:34:19AM -0600, nepywoda at fnal.gov wrote:
> > Earlier I posted to the list about changing the local UID to match the
> > AFS UID in Mac OSX. Some people suggest doing this, but I've never
> > come across the true reason behind it. What I'm wondering is, if 2
> > people have the same local UID, say 501, different AFS UIDs, and login
> > at the same time...can person 1 fool AFS into thinking it owns person
> > 2's files? This seems like a huge security issue to me, so I doubt
> > that would be the case.
> 
> AFS always looks at the AFS UID, never at the local UID. At least, it
> should not. *g*
> 
> > Does anyone have any definite info about why we should change the
> > local uid and the local file uids to match the AFS uid?
> 
> It's primarily of cosmetic nature - you get real user names with "ls -l"
> (and probably in Finder too). So you actually know who created the file
> and don't have to guess who is user "1377".
> 
> Bye, Tino.
> 
> --
>              * LINUX - Where do you want to be tomorrow? *
>                   http://www.tu-chemnitz.de/linux/tag/
> 

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7 at ccmr.cornell.edu
********************************
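
An added illustration, not part of the original messages and not Finder or OpenAFS code: a simplified model of the mismatch discussed in this thread, where a pre-check on UNIX uid and mode bits disagrees with a decision made from the AFS ACL and token. The identities `alice`, `bob`, `carol`, the gids and the two cases are constructed, and the ACL model handles positive rights only.

```python
# Added illustration: a simplified model, not Finder or OpenAFS code.

def unix_precheck(mode, owner_uid, owner_gid, uid, gids, want):
    """Predict access from the UNIX owner and mode bits alone.
    want is a bit mask: 4 = read, 2 = write, 1 = execute/search."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want


def afs_decision(acl, token_identity, right):
    """Decide from the directory ACL and the caller's token identity.
    Simplified: positive rights only; no token means system:anyuser only."""
    rights = set(acl.get("system:anyuser", ""))
    if token_identity is not None:
        rights |= set(acl.get("system:authuser", ""))
        rights |= set(acl.get(token_identity, ""))
    return right in rights


# Constructed cases. The local Mac user is uid 501, gid 20 in both.
CASES = {
    # Directory shows AFS uid 1377 as owner; the ACL grants alice lookup.
    "owner_1377_acl_grants": dict(mode=0o700, owner_uid=1377, owner_gid=100,
                                  acl={"alice": "rl"}, token="alice"),
    # Directory shows uid 501 as owner, same number as the local uid,
    # but the token is for bob and only carol is on the ACL.
    "owner_501_acl_denies": dict(mode=0o700, owner_uid=501, owner_gid=100,
                                 acl={"carol": "rlidwka"}, token="bob"),
}


def compare(name, uid=501, gids=(20,)):
    """Return (mode-bit prediction, ACL decision) for listing the directory."""
    c = CASES[name]
    guess = unix_precheck(c["mode"], c["owner_uid"], c["owner_gid"],
                          uid, gids, want=5)  # read + search
    real = afs_decision(c["acl"], c["token"], "l")  # AFS lookup right
    return guess, real


if __name__ == "__main__":
    for name in CASES:
        print(name, compare(name))
```

In the first case the mode-bit guess refuses a directory the ACL would allow; in the second, a matching local uid makes the guess say yes while the ACL decision is still no.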




