The pam-aware ftpd-bsd is another option. Isn't that the preferred ftpd for afs?
steve
- - -
systems & network guy
high energy physics
university of wisconsin

> ---- Original Message ----
> From: "ted creedon"
>
> Russ Alberry has an AFS aware ftp,
>
> Russ perhaps you could post it on your website?
>
> Tedc
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> g]
> On Behalf Of Neulinger, Nathan
> Sent: Tuesday, March 30, 2004 8:06 AM
> To: Christopher Allen Wing; J S
> Cc: [EMAIL PROTECTED]
> Subject: RE: [OpenAFS] ftp overrides AFS permissions
>
> That's not very safe. If all you are doing is dropping the pag, if you
> ever authenticate as root outside of a pag again on that box (granted,
> not a good idea), you'll be giving your new token to the ftp server. You
> should just run the ftp server in its own pag, which can be done with
> the standard tools provided with an afs install without having to create
> a new one.
>
> -- Nathan
>
> ------------------------------------------------------------
> Nathan Neulinger                       EMail: [EMAIL PROTECTED]
> University of Missouri - Rolla         Phone: (573) 341-6679
> UMR Information Technology             Fax: (573) 341-4216
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Christopher Allen Wing
> > Sent: Tuesday, March 30, 2004 8:54 AM
> > To: J S
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [OpenAFS] ftp overrides AFS permissions
> >
> > Sure, the usual cause of this problem is that you logged in as root,
> > obtained a PAG and an administrator token, and then started the FTP
> > server. In this case the FTP server will inherit the PAG and tokens.
> >
> > The solution is to never start a daemon process as root if you have AFS
> > tokens.
> >
> > Here is a program that when run as root will remove the current PAG:
> >
> > http://www-personal.engin.umich.edu/~wingc/code/unpagsh.c
> >
> > When restarting a daemon process, what I usually do first is:
> >
> > 1. Become root
> >
> > 2. Run 'unpagsh' to drop any PAG
> >
> > 3. Run 'tokens' to make sure that the default PAG for root does
> >    not have tokens
> >
> > -Chris Wing
> > [EMAIL PROTECTED]
> >
> > On Tue, 30 Mar 2004, J S wrote:
> >
> > > Hi,
> > >
> > > I have noticed that when I ftp to a host with an AFS client as my normal
> > > userid, I can cd/del/put into AFS directories where I don't have
> > > permissions. I can do this even though I haven't logged on to AFS. The root
> > > userid on this box has administrator privileges on AFS but I'm ftp'ing with
> > > my own userid.
> > >
> > > Does anyone get this?
> > >
> > > Thanks for any help.
> > >
> > > Ed.
> >
> > _______________________________________________
> > OpenAFS-info mailing list
> > [EMAIL PROTECTED]
> > https://lists.openafs.org/mailman/listinfo/openafs-info
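The "run 'tokens' and check" step from the quoted procedure can be scripted as a pre-flight gate before a daemon is started. This is an added example, not code from the thread or from OpenAFS. It assumes `tokens` prints one line containing "tokens for afs@<cell>" per token held; the sample outputs and the daemon path are constructed placeholders.

```shell
#!/bin/sh
# Added example: refuse to start a daemon while the current shell holds AFS
# tokens that the daemon would inherit.
# Assumption: each held token appears in `tokens` output as a line containing
# "tokens for afs@<cell>", as in the constructed samples below.

# Constructed sample: root shell that still holds an administrator token.
SAMPLE_WITH_TOKEN="Tokens held by the Cache Manager:

User's (AFS ID 1) tokens for afs@example.edu [Expires Mar 31 08:54]
   --End of list--"

# Constructed sample: no tokens in the current PAG or root's default context.
SAMPLE_CLEAN="Tokens held by the Cache Manager:

   --End of list--"

# Count token lines in \`tokens\` output read from stdin.
count_afs_tokens() {
    # grep -c exits non-zero on zero matches but still prints 0
    grep -ci 'tokens for afs@' || true
}

# Read \`tokens\` output on stdin; return 0 only when no token is held.
preflight() {
    n=$(count_afs_tokens)
    if [ "$n" -gt 0 ]; then
        echo "refusing to start: $n AFS token(s) would be inherited" >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed samples.
for sample in "$SAMPLE_WITH_TOKEN" "$SAMPLE_CLEAN"; do
    if printf '%s\n' "$sample" | preflight; then
        echo "no tokens held: ok to start the daemon"
    fi
done

# Real use on an AFS client (not run here; the daemon path is a placeholder).
# pagsh is the OpenAFS command that starts a shell in a new PAG:
#   tokens | preflight && pagsh -c '/path/to/ftpd'
```

The gate only reports what the starting shell holds; starting the daemon under `pagsh` is what keeps tokens obtained later as root out of the daemon's PAG.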
