Hmm, in one part, [EMAIL PROTECTED] (Randolph J. Herber, CD/DCD/SPG, x2966) writes:
++> Another thing I do not understand is why AFS did not implement full Unix file
++> semantics and instead implemented ``ACL''s.
Later he says,
++> My objection was not to ACLs. My objection was to ACLs
++> instead of the customary UNIX semantics.
To me, "full Unix file semantics" means "exactly" Unix file semantics.
Not semantics Plus Y or semantics minus X. Interestingly,
IBM AIX has "unix file semantics plus" (well, more
or less, excepting the odd bug :-)). I can, under AIX, create
a file I can read, even though "ls -l" might lead me to
believe I can't. That's certainly not "exactly" Unix file semantics,
and one might argue that the difference is pretty scary, and
perhaps even worthy of being called a "minus". DFS and AFS both
offer "unix file semantics minus X plus Y." DFS has a slightly
smaller set of Y. It seems obvious to me that X can't be zero
(just for starters, the SUID problem and execute permissions)
in a proper networked environment, so to me, the only relevant
questions are that of performance and functionality.
Later on, I said some other stuff ending with:
+system over the area of, say, Ann Arbor. Anyone who can type L1-A can
+"read" a program from NFS. Anyone who can alter their UID or GID,
+or write an RPC interface to NFS, can get around NFS file permissions.
And [EMAIL PROTECTED] (Randolph J. Herber, CD/DCD/SPG, x2966) writes:
++> At this level, is AFS any more secure?
Yes, AFS is more secure. I cannot masquerade as someone
else without an AFS token - essentially a Kerberos ticket,
for that person. It's not perfect (to be more secure,
it ought to have per-machine keys and there should be
a "reload" button on the side that would cause the machine
to execute ROM code to obtain a fresh copy of all the
local workstation software from a remote site, also the
data as well as the checksum should be encrypted), but it's
definitely a lot better than NFS. Basically, you still
have to trust root on your workstation. You no longer have
to trust root on all the other workstations.
-Marcus Watts
UM ITD RS Umich Systems Group
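
The trust difference described in the message above, as an added example that is not part of the original post: a simplified Python model in which one server check believes the uid a client asserts, and the other accepts only a ticket carrying a MAC under a key shared by the KDC and the file server. All names, the key and the sample file are constructed, and the ticket is a MAC-only stand-in, not the real Kerberos or AFS token format.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data; SERVER_KEY is known only to the KDC and the file server.
FILE_OWNER = {"/home/alice/notes": "alice"}
UID_TO_USER = {1001: "alice", 1002: "bob"}
SERVER_KEY = b"constructed-demo-key"

def uid_trusting_read(path, claimed_uid):
    """NFS-style check: the server believes whatever uid the client host sends."""
    owner = FILE_OWNER.get(path)
    return owner is not None and UID_TO_USER.get(claimed_uid) == owner

def _tag(body):
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()

def kdc_issue_ticket(user, lifetime=3600, now=None):
    """KDC side: bind user name and expiry under a MAC keyed with SERVER_KEY."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "exp": now + lifetime}, sort_keys=True)
    return {"body": body, "tag": _tag(body.encode())}

def ticket_checking_read(path, ticket, now=None):
    """Token-style check: identity comes only from a ticket the server verifies."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(_tag(ticket["body"].encode()), ticket["tag"]):
        return False  # body was altered, or the ticket was not made by the KDC
    claims = json.loads(ticket["body"])
    if claims["exp"] < now:
        return False  # expired
    return claims["user"] == FILE_OWNER.get(path)

def demo():
    path = "/home/alice/notes"
    bob_ticket = kdc_issue_ticket("bob")
    # Root on bob's workstation edits the name but cannot recompute the tag.
    edited = dict(bob_ticket, body=bob_ticket["body"].replace("bob", "alice"))
    return {
        "uid_claim_1001": uid_trusting_read(path, 1001),
        "bob_ticket": ticket_checking_read(path, bob_ticket),
        "edited_ticket": ticket_checking_read(path, edited),
        "alice_ticket": ticket_checking_read(path, kdc_issue_ticket("alice")),
    }

if __name__ == "__main__":
    print(demo())
```

The model does not cover a ticket taken from the workstation where its owner is logged in, which is the remaining trust in local root that the post mentions.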