Larry Stone of United Airlines <[EMAIL PROTECTED]> writes:
I have looked and looked through the manuals and while I find lots of
guidelines on how to secure the AFS server files, I can find nothing on
how the ownership and mode bits of the client files should be set.
Can somebody either tell me where I missed it in the manuals or provide
their own recommendations.
Greetings Larry,
On a client, I would ensure the following:
a) chmod 700 /usr/vice/cache
b) cd /usr/vice; chmod -R g-w,o-w etc; chmod 755 .
c) chmod 755 /etc/rc.afs
Explanation:
a) Your disk based cache should not be readable by anyone other
than root (ie Cache Manager afsd processes).
b) All your drivers and config files must be protected from
unauthorised updates: only root should update.
c) Your AFS "run command" file (executed at boot time) must
be write-protected.
Also, your (AFS-aware) login binaries must be write-protected.
(Folks, did I miss anything?) Hope this helps!
--
paul http://acm.org/~mpb/homepage.html
...ready to be flown to San Francisco to help out anytime! ;-)
