Michael Olson <[EMAIL PROTECTED]> wrote:
> "Christopher D. Clausen" <[EMAIL PROTECTED]> writes:
>> Although there are security issues allowing procmail to run with AFS
>> delivery as someone who knows what they are doing might be able to
>> read/write to someone else's email as the SMTP server (or whatever
>> handles actual delivery) would need generic AFS tokens. The IMAP /
>> POP clients can likely get use tokens from the user's password.
>
> This I'm not very happy about. Is there some way for the server to
> call procmail with some "subset" of the user's token and the mail
> delivery token, so that one user could not write to another user's
> mail directory?

Well, is it possible to chroot to a particular user's mail volume on delivery? That should be sufficient to prevent users from messing with others' volumes, provided that we don't grant the users "a" rights on their mail volumes. (Users need "a" and "i" to create mount points.)

> Though come to think of it, the same problem probably exists (if I
> understand it correctly) on normal procmail installations as well, so
> we wouldn't actually be taking a step backwards. Still, it's a
> concern.

Procmail is probably set up to run as the current user when mail is delivered. This changes the access rights to that user's. With AFS, changing uid would have no effect on changing procmail's access rights in AFS.

>> I don't see NFS as a solution to this problem. Now I could see using
>> only local disk and keeping all email only on deleuze, if it's decided
>> that AFS will cause problems. Also, since Deleuze IS the AFS server,
>> small files aren't being accessed across the network. Or does
>> squirrelmail not run on Deleuze?
>
> The problem NFS would solve is making email available to the other
> machines, without delivering all mail to another machine. I didn't
> realize that our AFS volume was hosted on deleuze -- that addresses my
> concerns and obviates the need for a separate NFS volume.

NFS would not allow me to directly read my Maildir from my laptop. AFS would. I realize that secure IMAP or POP would work just as well, but that requires additional local storage.

>> Also realize that AFS is designed to cache files and quite good at
>> doing this.
>
> Ah, didn't know that before.

That being said, since deleuze is the AFS server, I have the cache set to use 64MB of RAM instead of larger disk cache. Mire should probably have an on-disk cache set up on the order of several GBs. Ideally, /var/cache/openafs should be a dedicated partition.

<<CDC
