[6220] in Release_7.7_team
Re: relaxing permissions on psutils locker
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue Feb 24 13:05:41 2009
Message-Id: <200902241805.n1OI5RPP020196@wax-lion.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: Alex T Prengel <alexp@MIT.EDU>
cc: Mitchell E Berger <mitchb@MIT.EDU>, jweiss@MIT.EDU, release-team@MIT.EDU
In-reply-to: Your message of "Wed, 18 Feb 2009 13:21:30 EST."
<200902181821.n1IILUjq013797@dit.mit.edu>
Date: Tue, 24 Feb 2009 13:05:26 -0500
X-Spam-Flag: NO
X-Spam-Score: 0.00
>
> >> >The current psutils locker has system:authuser:rl. Does anyone know
> >> >if there would be a problem with adding mit rl to the ACL
> >>
> >> This should be OK provided that the IP ranges stay within MIT
>
> >If there's a real issue with distributing the content to the world
> >at large, you should know that if we add mit to the ACL, this means
> >that the MIT webservers will suddenly have access to the files, and
> >people will be able to download them (from anywhere)
>
> >This can be thwarted if we also add a .htaccess.mit file
>
> Thanks Mitch- Jonathon, could you please include the .htaccess.mit file?
> We definitely can't make this world-accessible.
>
> Alex
I've loosened the ACL on the top level dir and the arch sub-tree. I
have not tourched the ACL of the src tree. I did create a
.htaccess.mit file that requires a valid MIT personal certificate.
Mitch, good catch, thanks. Please let me know if you see any issues
or problems.
Jonathon