[207] in The Cryptographic File System users list
Re: using cfs with /home
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Oct 17 07:22:18 2000
From owner-cfs-users@crypto.com Tue Oct 17 11:22:18 2000
Return-Path: <owner-cfs-users@crypto.com>
Delivered-To: cfs-mtg@CHARON.MIT.EDU
Received: (qmail 6599 invoked from network); 17 Oct 2000 11:22:18 -0000
Received: from mx.crypto.com (207.140.168.138)
by charon.mit.edu with SMTP; 17 Oct 2000 11:22:18 -0000
Received: (from majordomo@localhost)
by MultiHostMXServer (8.9.3/8.9.x4) id HAA01791
for cfs-users-list; Tue, 17 Oct 2000 07:18:25 -0400 (EDT)
X-Authentication-Warning: mx.crypto.com: majordomo set sender to owner-cfs-users@crypto.com using -f
Received: from nsa.research.att.com (H-135-207-24-155.research.att.com [135.207.24.155])
by MultiHostMXServer (8.9.3/8.9.x4) with ESMTP id HAA32452
for <cfs-users@crypto.com>; Tue, 17 Oct 2000 07:18:23 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30]) by nsa.research.att.com (8.7.3/8.7.3) with ESMTP id HAA09902 for <cfs-users@nsa.research.att.com>; Tue, 17 Oct 2000 07:18:21 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id HAA29803;
Tue, 17 Oct 2000 07:18:20 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 35F0A35DC2; Tue, 17 Oct 2000 07:18:20 -0400 (EDT)
X-Mailer: exmh version 2.2 06/23/2000 with version: MH 6.8.3 #1[UCI]
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Ravikant K.Rao" <ravi@symonds.net>
Cc: Robert Stampfli <res@colnet.cmhnet.org>, cfs-users@research.att.com
Subject: Re: using cfs with /home
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 17 Oct 2000 07:18:20 -0400
Message-Id: <20001017111820.35F0A35DC2@smb.research.att.com>
Sender: owner-cfs-users@crypto.com
Precedence: bulk
In message <20001016212708.B32299@symonds.net>, "Ravikant K.Rao" writes:
>Hi,
>
>On Mon, Oct 16, 2000 at 09:53:25PM -0400, Robert Stampfli wrote:
>
>> For what it's worth, here is the .profile I am currently using to protect
>
> Thanks.
>
>> several accounts. It's not exactly what you want: Each user has to
>
> Actually, it *was* infact what I wanted.
>
>> However, encrypted home directory and subdirectories (each user's acct)
>> is truly isolated and secured by cfs. I've noticed a few anomalies along
Note that there are some other issues, including users connecting via
ftp and rsh, and the finger daemon's access to .plan and .project
files, and -- perhaps most important -- .forward files used by email.
All of those issues can be finessed or ignored, but they need to be
considered.
--Steve Bellovin
