thus spoke Moritz Muehlenhoff <[EMAIL PROTECTED]> [2005.05.26.0109 +0200]:
> Disclaimer: I don't know davfs2 and I don't use it. But I disagree
> that every file system should implement POSIX access semantics.
> There are production-class systems that don't, e.g. the Andrew
> file system. And as Coda, which according to the package
> description is used as the backend, is a descendant of AFS this
> may very well be in order.

Thanks for this valuable information.

One way to secure a davfs2 mount is to enclose the mount point in
a directory that can only be accessed by the authorised people.
However, this still gives everyone write access, even if some should
only have read access.

DAV does implement a fine-grained set of permissions. However,
a davfs2 resource is mounted with a single username and password.
Essentially, thus, mounting a DAV resource on a publicly accessible
place (e.g. /mnt) has the same effect as distributing the username
and password to each user with access to the system. And *this*
would be a security problem. :)

How does AFS/Coda work wrt this? I cannot imagine that every user of
a system with AFS mounts has unconditional read and write access to
those resources...

-- 
 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
 
"for art to exist, for any sort of aesthetic activity or perception to
 exist, a certain physiological precondition is indispensable:
 intoxication."
                                                -- friedrich nietzsche
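
The enclosing-directory arrangement described in the message above can be audited mechanically. The following is an added example, not part of the original post or of davfs2; the function names are hypothetical, and it assumes GNU `stat`, an absolute mount path, and plain mode bits (POSIX ACLs are ignored).

```bash
# Added example: audit the "enclose the mount point" workaround.
# Assumptions: GNU coreutils stat, absolute paths, no POSIX ACLs.

# Print the nearest ancestor of the mount point $1 that denies search (x)
# permission to "other", as "<dir> <octal-mode> <group>".
# Returns 1 if no ancestor does (every local user can reach the mount),
# 2 on bad input or if a directory cannot be examined.
gating_dir() {
    local dir mode
    case $1 in /*) ;; *) return 2 ;; esac
    dir=$(dirname -- "$1")
    while :; do
        mode=$(stat -c '%a' -- "$dir") || return 2
        case $mode in
            *[1357]) ;;   # last octal digit odd: "other" may traverse
            *)  printf '%s %s %s\n' "$dir" "$mode" "$(stat -c '%G' -- "$dir")"
                return 0 ;;
        esac
        [ "$dir" = / ] && return 1
        dir=$(dirname -- "$dir")
    done
}

# Human-readable verdict for one mount point.
audit_mount() {
    local gate
    if gate=$(gating_dir "$1"); then
        echo "restricted: $1 is reachable only through $gate"
        echo "note: everyone admitted there shares the mount's single DAV username and password"
    else
        echo "exposed: every local user can reach $1"
        return 1
    fi
}
```

A mode such as 751 on the enclosing directory does not count as a gate, because "other" can still traverse it to the mount point.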
