[210] in The Cryptographic File System users list
Re: using cfs with /home
daemon@ATHENA.MIT.EDU (Ravikant K. Rao)
Tue Oct 17 13:27:38 2000
From: "Ravikant K. Rao" <ravi@symonds.net>
Date: Tue, 17 Oct 2000 22:53:01 +0530 (IST)
To: smb@research.att.com
Cc: res@colnet.cmhnet.org, cfs-users@research.att.com
Subject: Re: using cfs with /home

Hello,

>>>>> "Steven" == Steven M Bellovin <smb@research.att.com> writes:

>>> However, encrypted home directory and subdirectories (each
>>> user's acct) is truly isolated and secured by cfs. I've
>>> noticed a few anomalies along

Steven> Note that there are some other issues, including users
Steven> connecting via ftp and rsh, and the finger daemon's access
Steven> to .plan and .project files, and -- perhaps most important
Steven> -- .forward files used by email. All of those issues can
Steven> be finessed or ignored, but they need to be considered.

Maybe the fault is mine - I didn't want to rant too much,
unnecessarily and hence omitted details, which are now seeming to be
important.

My requirements are completely different as in, the machine
that I intend to put CFS to use, with the $HOME directories of each
user encrypted, will be a gateway box, with probably two or three
normal users, and hardly any services running on it, *Definitely* not
ftp or finger ... it will have ssh open ... and hence, the .plan and
.project files are irrelevant in this case. Again, as for .forward, I
believe that part is achievable at least with exim, by tweaking
exim.conf and some other file(s) so as to set permanent system level
aliases for users on that machine.

True - I understand that what you said will come into play if
it's a regular workstation or anything like that - but this is what I
intend to put to use on a mini-secure-distribution project I'm working
on currently, using CFS, among other things.

Thanks for your comments though -- I was going to run the said
setup on my home box, but just realised that I would lose .forward's
and .plan's ... heh

-ravi