[1005] in arla-drinkers

Re: PAM and arla

daemon@ATHENA.MIT.EDU (Chris Wing)
Wed Jul 21 19:07:46 1999

Date: Wed, 21 Jul 1999 19:02:24 -0400 (EDT)
From: Chris Wing <wingc@engin.umich.edu>
To: Derrick J Brashear <shadow@dementia.org>
cc: arla-drinkers@stacken.kth.se
Subject: Re: PAM and arla
In-Reply-To: <ML-1.3.2.932585655.3894.shadow@johnstown.andrew.cmu.edu>
Message-ID: <Pine.LNX.4.10.9907211838310.2100-100000@shaft.engin.umich.edu>

Derrick:

> Again, you're making it hard for people who are using this behavior (which,
> intended or not, AFS has) to change PAGs, and I really wish you wouldn't. Now
> that Linux has an in-kernel nfsd it won't matter, but I had also intended to
> use this to allow a user-level nfsd to do the equivalent of Transarc knfs:
> basically allow remote clients to have a PAG.

Okay, I've heard all the arguments, and I guess I'll retract that
suggestion about identifying PAGs via UID :) The real issue as I see it is
that it amounted to protecting root from him/herself, which is not a good
way to set up a Unix system.

(The users here like to be able to su and retain their tokens as well)

The case of an NFS server exporting AFS would be simpler if root can change
PAGs, but it could also be done (although with additional overhead) by
storing tokens in a data structure in the NFS server and loading them as
necessary into a single PAG per NFS server process.

Are there any other applications which truly require root to switch PAGs
and are in common use? (garbage collection of PAGs can be done via the fs
command in Arla, for instance)

My thinking is that the setgroups() restriction adds a reasonable amount of
security for the majority of systems, and is good to have as the default.

Thanks,

Chris Wing
wingc@engin.umich.edu
