[246] in The Cryptographic File System users list
Re: multi user question
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Oct 26 10:14:08 2001
From owner-cfs-users@crypto.com Fri Oct 26 14:14:08 2001
Return-Path: <owner-cfs-users@crypto.com>
Delivered-To: cfs-mtg@CHARON.mit.edu
Received: (qmail 8933 invoked from network); 26 Oct 2001 14:14:07 -0000
Received: from mx.crypto.com (207.140.168.138)
by charon.mit.edu with SMTP; 26 Oct 2001 14:14:07 -0000
Received: (from majordomo@localhost)
by MultiHostMXServer (8.9.3/8.9.x4) id JAA00112
for cfs-users-list; Fri, 26 Oct 2001 09:57:59 -0400 (EDT)
X-Authentication-Warning: mx.crypto.com: majordomo set sender to owner-cfs-users@crypto.com using -f
Received: from nsa.research.att.com (H-135-207-24-155.research.att.com [135.207.24.155])
by MultiHostMXServer (8.9.3/8.9.x4) with ESMTP id JAA08308
for <cfs-users@crypto.com>; Fri, 26 Oct 2001 09:57:57 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102]) by nsa.research.att.com (8.7.3/8.7.3) with ESMTP id JAA16534 for <cfs-users@nsa.research.att.com>; Fri, 26 Oct 2001 09:57:55 -0400 (EDT)
Received: by mail-blue.research.att.com (Postfix)
id CE0CC4CE7A; Fri, 26 Oct 2001 09:57:56 -0400 (EDT)
Delivered-To: cfs-users@research.att.com
Received: from foo-bar-baz.cc.vt.edu (foo-bar-baz.cc.vt.edu [128.173.14.103])
by mail-blue.research.att.com (Postfix) with ESMTP id 7ED824CE2D
for <cfs-users@research.att.com>; Fri, 26 Oct 2001 09:57:56 -0400 (EDT)
Received: from foo-bar-baz.cc.vt.edu (valdis@localhost [127.0.0.1])
by foo-bar-baz.cc.vt.edu (8.12.1/8.12.1) with ESMTP id f9QDvoUg025016;
Fri, 26 Oct 2001 09:57:50 -0400
Message-Id: <200110261357.f9QDvoUg025016@foo-bar-baz.cc.vt.edu>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4+dev
To: aaron <aaron@lo-res.org>
Cc: cfs-users@research.att.com
Subject: Re: multi user question
In-Reply-To: Your message of "Fri, 26 Oct 2001 15:06:39 +0200."
<200110261307.f9QD7dI95783@meta.lo-res.org>
From: Valdis.Kletnieks@vt.edu
X-Url: http://black-ice.cc.vt.edu/~valdis/
X-Face-Viewer: See ftp://cs.indiana.edu/pub/faces/index.html to decode picture
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <200110261307.f9QD7dI95783@meta.lo-res.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-1586985482P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Fri, 26 Oct 2001 09:57:50 -0400
Sender: owner-cfs-users@crypto.com
Precedence: bulk
--==_Exmh_-1586985482P
Content-Type: text/plain; charset=us-ascii
On Fri, 26 Oct 2001 15:06:39 +0200, aaron <aaron@lo-res.org> said:
> I.e: for me CFS should work like that: offer write access for root (sendmail)
> to store mails in the /crypt directory. For all users it should allow read
> access to /crypt/<usersmailbox>
>
> However when I create the usual /crypt and encrypted directory (lets call it
> /usr/cryptedmail) and then cattach /usr/cryptedmail to /crypt as root - then
> only root will be able to read and write to /crypt/cryptedmail.
> (permission 700)
>
> Sooo, is there a way to get around that permission problem?
This is an NFS issue. You should think *long* and *hard* about the
implications first, and then try something like this in /etc/exports:
/usr/cryptedmail -root=localhost
What is happening is that NFS is doing the usual 'root->nobody' mapping.
*HOWEVER* - I have to recommend against this. Consider that usually,
the reason for using CFS is because you *dont* trust 'root'. If you do
this, you have basically *no* added security (consider that in a multi-user
system, that directory has to be attached 24x7 so mail can be delivered).
Also - you *really* need to allow the users write access to their mailbox,
as otherwise they can't remove already-read items (unless the *idea* here
is to *keep* them from deleting already-read mail?)
And of course, the usual caveats apply here - encrypting the mailbox does
no real good unless you've *also* done a threat analysis on the *entire*
end-to-end mail process - is TLS or similar used to secure the SMTP transaction?
Are the MUAs fixed (or at least users educated) to prevent them saving a
sensitive mail as a world-readable file? And so on....
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_-1586985482P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.5 07/13/2001
iQA/AwUBO9lr3nAt5Vm009ewEQLTtQCfQYXJGzU0UssDZQFvnSW3l/YHpR0An3GU
eD+6/jtnXOYWCUQ0/5cw3ukg
=JOZ/
-----END PGP SIGNATURE-----
--==_Exmh_-1586985482P--
