Adam Chlipala <[EMAIL PROTECTED]> wrote:
> Christopher D. Clausen wrote:
>> I've checked on this and heard conflicting reports of both loss and
>> retaining of tokens. Since both the www-data (no PAG) and the root
>> user (with a PAG) have tokens, it's likely that the root user's
>> tokens will be present across setuid changes. But this of course
>> remains to be tested. If it's a serious issue, we might be able to
>> get away with creating an IP ACL on the affected directories. IP
>> ACLs aren't reliable, but that uncertainty and trouble in setup
>> might be worth the hassle for someone who doesn't want system:anyuser
>> access.
>
> I just wanted to make sure my position is clear: security is much more
> important than performance here. Some decisions which make sense in
> more traditional environments seem to me to be too fraught with peril
> to even consider. I don't want to break the rule of "users can't run
> any programs as any other users" just because that might be necessary
> to avoid costly AFS operations on every CGI access.

Okay, sounds good to me. Note that I am unaware of any packaged "get tokens before running" mods for CGI apps. This would likely need to be written and tested. I just don't want to completely overburden the machine with Kerberos requests / PAGs. Also, the number of PAGs on a system is finite and there may be memory problems related to large numbers of PAGs. (Again, just FYI. It may or may not be an issue in practice.) The mod_waklog source might be a good place to look for ideas. It has some of the functionality that we need, I think.

>> In my opinion, a lot of people could simply use a small 5MB or so of
>> local disk to have a "db_include.php" file with the db connectivity
>> info chowned to their uid
>
> We could just give users actual /home directories on demand, with
> strict quotas for non-admins on that partition and automated copying
> to AFS volumes for back-up purposes. I have a feeling we would need
> to increase the size of the /home partition to make this feasible,
> and we might as well do it now, before this could disrupt
> production services. Thoughts, anyone?

If we are resizing partitions, can I request a dedicated /var/cache/openafs of between 1 and 3 GB on mire? (This might need to be larger based on actual usage.) This should limit the need for mire to make lots of fileserver requests to read data.

<<CDC
_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
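The "get tokens before running" wrapper that Christopher says would need to be written and tested, sketched below as an added example. It is not HCoop code and not something posted in the thread. It assumes (none of this is stated in the thread) that the web server has already switched to the target user (for example via suexec), that each user keeps a keytab for a CGI principal at $HOME/.afs-cgi.keytab, that pagsh and aklog (OpenAFS) and kinit/kdestroy (MIT Kerberos syntax) are on PATH, that stat is GNU stat, and that the keytab path, principal and CGI path contain no shell metacharacters. The security-relevant points it illustrates are the ones the thread circles around: a fresh PAG so that nothing inherits the tokens of www-data or root, a keytab that must be private to the user, and a TGT that is destroyed as soon as it has been turned into an AFS token.

```shell
#!/bin/sh
# afs-cgi-wrapper.sh: run a CGI inside a fresh AFS PAG, with tokens taken from
# the invoking user's own keytab. Illustrative example added to this thread,
# not an HCoop tool. Assumptions not stated in the thread: the web server
# (e.g. via suexec) has already switched to the target user; the keytab sits
# at $HOME/.afs-cgi.keytab; pagsh/aklog (OpenAFS) and kinit/kdestroy (MIT
# Kerberos) are on PATH; stat is GNU stat; arguments contain no shell
# metacharacters.

# Only trust a keytab that is owned by the calling uid and is not group- or
# world-readable. Returns 0 when it is safe to use, 1 otherwise.
keytab_is_private() {
    kt=$1
    [ -f "$kt" ] || return 1
    info=$(stat -c '%a %u' "$kt" 2>/dev/null) || return 1
    mode=${info% *}
    owner=${info#* }
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# The command that runs inside the new PAG. The TGT goes into a throw-away
# credential cache and is destroyed once aklog has converted it into an AFS
# token, so the CGI inherits the token but never a reusable Kerberos ticket.
pag_command() {
    kt=$1; princ=$2; cgi=$3
    printf 'cc=$(mktemp) || exit 1; export KRB5CCNAME=FILE:$cc; kinit -k -t %s %s && aklog; rc=$?; kdestroy >/dev/null 2>&1; rm -f "$cc"; [ "$rc" -eq 0 ] || exit 1; exec %s' \
        "$kt" "$princ" "$cgi"
}

run_in_pag() {
    kt=$1; princ=$2; cgi=$3
    if ! keytab_is_private "$kt"; then
        echo "refusing to run: $kt must be mode 0600 and owned by uid $(id -u)" >&2
        return 1
    fi
    # pagsh starts a new PAG: tokens held by www-data or root in the parent
    # are not visible inside it, and the tokens obtained here disappear when
    # the last process in the PAG exits.
    exec pagsh -c "$(pag_command "$kt" "$princ" "$cgi")"
}

# Usage: afs-cgi-wrapper.sh user/cgi@REALM /path/to/script.cgi
if [ $# -eq 2 ]; then
    run_in_pag "$HOME/.afs-cgi.keytab" "$1" "$2"
fi
```

Two design notes. The keytab check is the part that keeps the "no user runs anything as another user" rule intact: if the wrapper would accept a world-readable keytab, any local user could mint tokens for the principal it holds. Destroying the TGT right after aklog limits what a compromised CGI can do to what the AFS token already permits; it cannot go back to the KDC for fresh tickets. Each invocation still creates a PAG and two KDC round trips (the AS exchange for the TGT and the TGS exchange aklog makes for the afs service ticket), which is exactly the per-request cost the thread is worried about.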
