On Fri, 06 Jul 2012 15:16:08 +0200 (CEST) Harald Barth <[email protected]> wrote: > If this would be "restricted information" then one would have to > > (1) Close the unauthenticated method > > (2) Figure out what WOULD BE a useful access restriction. I think > that (l) on the volume root is not good. The right access > restriction would IMHO be "open for any user that has (w) or (i) > in any directory of the volume". That check is a little more > tricky to implement but we don't need to think about it until (1) > is changed.
i think there is merit here. generally one should error on the side of "less is more" when it comes to security. i understand that the vnodes are seperate from volumes, i.e. someone should/may be able to browse your afs tree anonymously, but you might not want them to view the underlying structure. vos listvldb doesnt require authentication either. from that you can easily guess the user names based on volume names. oddly enough, pts examine doesn't require authentication, but pts listentries does. i understand this needs to open for certain volumes so that the clients can find the cell roots, but perhaps there should be some sort of control on volume information. _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
