"Larry Stone, x4-4725" <[EMAIL PROTECTED]> writes:
> >Page 2-78 in the AFS 3.4beta installation guide. If you don't have it,
> >it is located at anonymous ftp:
> >grand.central.org:/pub/afsps/doc/AFS34/install3.4.beta.ps
>
> That is the same server directories recommendations that have been in there
> all along. I was asking about the client directories (/usr/vice/...).
>
Whoops, I suppose they just talk about sensitive AFS server
directories. There are some sensitive Client ones too, although most
sensitive data is stored in the kernel (which only root has access to).
- The most sensitive directory is the cache (/usr/vice/cache is the default
location), where only root should be able to read/write.
In the /usr/vice/etc directory:
-rw------- 1 root 0 Jun 26 05:33 /usr/vice/etc/AFSLog
-rw-r--r-- 1 root 22645 Jun 29 02:14 /usr/vice/etc/CellServDB
-rw-r--r-- 1 root 12 Feb 18 1993 /usr/vice/etc/ThisCell
-rwxr-xr-x 2 root 131072 Feb 23 1993 /usr/vice/etc/afsd
-rw-r--r-- 1 root 27 Jan 17 01:51 /usr/vice/etc/cacheinfo
-rwxr-xr-x 1 root 196608 Feb 23 1993 /usr/vice/etc/fs
- Sensitive debugging tools such as kdump are protected
by the /dev/kmem mode bits, so it's not a big issue:
-rwxr-xr-x 1 root 221184 Jun 15 1994 /usr/vice/etc/kdump
- /usr/vice/etc/{modload,dkload} should also be protected by root-only
access.
- If you place any other incidental binaries on the local client disk,
you must set mode bits accordingly.
-rwxr-xr-x 1 root 245760 Sep 30 1994 /usr/vice/bin/klog
Hope this helps. I will see about fixing the install guide to include
the client recommendations. But, PLEASE keep in mind that this is
my opinion and not an official supported recommendation. Sorry for any
confusion.
-Bruce
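
An audit of the client-side modes listed in the message above, as an added example that is not part of the original post or of the AFS distribution. It assumes GNU `stat`; the function names, the optional ROOT prefix and owner uid arguments, the reading of the 644/755 listing as "writable by root only", and the "no access for other" check on /dev/kmem are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit AFS client paths against the modes shown in the post.
# Assumes GNU stat (-c). Usage: afs_client_audit [ROOT] [OWNER_UID]

# afs_check PATH MASK UID: report if PATH has any permission bit in MASK
# (octal) set, or is not owned by UID. Paths that do not exist are skipped.
afs_check() {
    path=$1 mask=$2 want=$3 rc=0
    [ -e "$path" ] || return 0
    set -- $(stat -c '%a %u' "$path")
    mode=$1 uid=$2
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "MODE  $path is $mode, must have none of the bits $mask"; rc=1
    fi
    if [ "$uid" != "$want" ]; then
        echo "OWNER $path has uid $uid, expected $want"; rc=1
    fi
    return $rc
}

afs_client_audit() {
    root=${1:-} owner=${2:-0} bad=0
    # Root-only in the post: cache, AFSLog, modload, dkload (no group/other bits).
    for p in cache etc/AFSLog etc/modload etc/dkload; do
        afs_check "$root/usr/vice/$p" 077 "$owner" || bad=$((bad + 1))
    done
    # Listed as 644/755: assumed requirement is "writable by root only".
    for p in etc/CellServDB etc/ThisCell etc/cacheinfo etc/afsd etc/fs \
             etc/kdump bin/klog; do
        afs_check "$root/usr/vice/$p" 022 "$owner" || bad=$((bad + 1))
    done
    # kdump relies on /dev/kmem's mode bits; "no access for other" is assumed.
    afs_check "$root/dev/kmem" 007 "$owner" || bad=$((bad + 1))
    echo "$bad path(s) failed"
    [ "$bad" -eq 0 ]
}
```

Source the file and run `afs_client_audit` as root on the client; a non-empty ROOT argument audits a mounted image or test tree instead of the live filesystem.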