On Thu, May 26, 2005 at 02:40:19AM +0200, martin f krafft wrote:
> also sprach Moritz Muehlenhoff <[EMAIL PROTECTED]> [2005.05.26.0109 +0200]:
> > Disclaimer: I don't know davfs2 and I don't use it. But I disagree
> > that every file system should implement POSIX access semantics.
> > There are production class systems that don't, e.g. the Andrew
> > file system. And as Coda, which according to the package
> > description is used as the backend, is a descendant of AFS this
> > may very well be in order.
>
> Thanks for this valuable information.
>
> One way to secure a davfs2 mount is to enclose the mount point in
> a directory that can only be accessed by the authorised people.
> However, this still gives everyone write access, even if some should
> only have read access.
>
> DAV does implement a fine-grained set of permissions. However,
> a davfs2 resource is mounted with a single username and password.
> Essentially, thus, mounting a DAV resource on a publicly accessible
> place (e.g. /mnt) has the same effect as distributing the username
> and password to each user with access to the system. And *this*
> would be a security problem. :)
>
> How does AFS/Coda work wrt this? I cannot imagine that every user of
> a system with AFS mounts has unconditional read and write access to
> those resources...

Quite the contrary; most AFS shares are mounted using Kerberos, such that
only processes with the necessary Kerberos ticket (or rather, AFS token,
which is acquired using the Kerberos ticket) can access the files.

--
Steve Langasek
postmodern programmer
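
The enclosing-directory approach mentioned in the quoted message can be audited with a short check, shown here as an added example that is not part of the original thread. It walks from a mount point up through its parent directories and reports whether any of them denies search permission to "other"; the function names and the temporary directory layout (`mnt/dav`, `davusers/dav`) are constructed for illustration, and only classic mode bits are examined, not POSIX ACLs.

```python
import os
import stat
import tempfile


def exposure(mount_point, top="/"):
    """Walk from mount_point up to top and return (exposed, gate).

    exposed is True when every directory on the way grants search (x)
    permission to "other", so any local user can reach the mount and
    act with the single set of credentials it was mounted with.
    gate is the nearest directory that denies that permission, or None.
    """
    path = os.path.realpath(mount_point)
    top = os.path.realpath(top)
    while True:
        if not os.stat(path).st_mode & stat.S_IXOTH:
            return False, path
        parent = os.path.dirname(path)
        if path == top or path == parent:  # reached top or filesystem root
            return True, None
        path = parent


def demo():
    """Audit two constructed layouts inside a temporary directory."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        os.chmod(base, 0o755)
        open_mp = os.path.join(base, "mnt", "dav")        # public parent
        gated_mp = os.path.join(base, "davusers", "dav")  # enclosed parent
        os.makedirs(open_mp)
        os.makedirs(gated_mp)
        for d in (os.path.join(base, "mnt"), open_mp, gated_mp):
            os.chmod(d, 0o755)
        # The enclosure: owner and group may enter, everyone else may not.
        os.chmod(os.path.join(base, "davusers"), 0o750)
        open_result = exposure(open_mp, top=base)
        exposed, gate = exposure(gated_mp, top=base)
        return open_result, (exposed, os.path.relpath(gate, base))


if __name__ == "__main__":
    print(demo())
```

A gate directory only limits who can reach the mount; as the quoted message points out, everyone who gets past it still has the same access as the account used for mounting.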