Free Downloads, Community Forum,
FAQs and Developer Resources


Make /Tools Your Home | Link to us

Today's posts | Posts since last visit | Most Active Topics

All Forums Register Login Search Subscriptions My Profile Inbox
Tool Warehouse FAQs Resources Help Member List Address Book Logout

SUA and AFS

 
Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [SFU / Interix / SUA Technology] >> SFU / Interix - Getting Started >> SUA and AFS Page: [1]
Login
Message << Older Topic   Newer Topic >>
SUA and AFS - Jun. 29, '06, 10:41:13 AM   
edrosen

 

Posts: 7
Joined: Mar. 30, '06,
Status: offline
We make use of AFS for much of our UNIX env, including home directories. If I set my home directory under Win Users to my AFS home dir, I get the following when I login:

(BLDWIN03) login: edrosen

Password:
Copyright (c) Microsoft Corporation. All rights reserved.

Welcome to the SUA utilities.

DISPLAY=localhost:0.0
sh: /dev/fs/P/u/edrosen/.profile ignored: improper write permissions


I can run this file from the prompt. I saw a previous post re permissions, and set the perms to 600 for this file from another system, but the SUA session still shows this file as 777:
$ pwd
/dev/fs/P/u/edrosen
$
$ ls -l .profile
-rwxrwxrwx 1 0 0 1497 Jun 28 11:43 .profile

chmod under SUA returns:
$ pwd
/dev/fs/P/u/edrosen
$ chmod 600 .profile
chmod: .profile: Invalid argument

Are there known "issues" around AFS and SUA?
Post #: 1
RE: SUA and AFS - Jun. 29, '06, 1:33:54 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
The issue, per se and as you describe the error messages, isn't an SUA/Interix thing.
The underlying driver is queried for information and Interix reports it.
The driver is having a problem or the file server is or the file server isn't liking
what/how the driver is asking/requesting.
Given that permissions are showing as 777 I'd say it's a driver thing since the file was
(I'm assuming) created on a Unix system that in all likelyhood was using a umask of 022.

The ".profile" is thing is a security check added to both sh/ksh and csh/tcsh
as they ship to prevent Trojan Horses in login scripts. The code is unique to Interix.

Who's AFS driver are you using?

(in reply to edrosen)
Post #: 2
RE: SUA and AFS - Jun. 29, '06, 5:09:27 PM   
edrosen

 

Posts: 7
Joined: Mar. 30, '06,
Status: offline
The Windows Client is OpenAFS 1.4.0101.

The server appears to be: AFS version: Base configuration afs3.6 2.57
I hope this is what you were asking for.

Is there some way to satisfy the security check so I can run my .profile from my AFS home dir? This is fairly crucial to being able to use the SUA subsystem for us.

Thanks.

(in reply to Rodney)
Post #: 3
RE: SUA and AFS - Jun. 29, '06, 6:58:56 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
The security check can be satisfied when the permissions on the file are secure enough.
That is, not writable by anyone but the owner who is the same as the running user.

As a workaround, you can use the shells from here (/Tools) because I didn't add similar code.

I'll have to go read up more on OpenAFS later tonight.

(in reply to edrosen)
Post #: 4
RE: SUA and AFS - Jun. 29, '06, 10:43:23 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
Is AFS presenting itself as a FAT filesystem to Windows ?
Or is the Windows client making it look like a FAT file system ?

Historically, AFS has always had a problem.
I don't remember what all the problems were or
what the last status was. (it was many years ago).

(in reply to Rodney)
Post #: 5
RE: SUA and AFS - Jun. 30, '06, 2:30:26 AM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
Mark's point about your mount point presenting itself like a FAT filesystem might be it.
I've been scannning through the documentation. The documentation does indicate that AFS
is getting presented as SMB to Windows. But how well it presents itself might be questionable
since by default for "dot file" (i.e. ".login") it attaches the "hidden" attribute.
I also found that AFS can present itself by UNC pathnames.
The Interix equivalent is "/net" (/net/MACHINE/sharepoint/path...).
Try doing the access by the /net path instead of the letter drive.
The permissions may be presented better.

Another approach may be to export AFS to appear as NFS. Here's a man page on the web about it:
http://www.eyrie.org/~eagle/tmp/openafs/1/fs_exportafs.html

< Message edited by Rodney -- Jun. 30, '06, 2:32:12 AM >

(in reply to markfunk)
Post #: 6
RE: SUA and AFS - Jun. 30, '06, 1:12:37 PM   
edrosen

 

Posts: 7
Joined: Mar. 30, '06,
Status: offline
I don't see a version of ksh in the /tools list of downloads. Is it part of some other package? I also don't see the afs cell under /net/...., and so far, can't get Windows to create a share for the afs cell.

(in reply to Rodney)
Post #: 7
RE: SUA and AFS - Jun. 30, '06, 2:37:40 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
The ksh was only up as a test version for a couple of people to try out.
It hasn't been packaged. There was work on it that at some point I was going to
reverse engineer into it (the win path stuff) -- I have to clean code that and
a lot of people rely on it. The binary is sitting in /pub on the ftp site.

For /net look not for an AFS thing. Look for the name of the machine and then
the SMB sharename. That how it'll be there.

(in reply to edrosen)
Post #: 8
RE: SUA and AFS - Jun. 30, '06, 4:45:53 PM   
edrosen

 

Posts: 7
Joined: Mar. 30, '06,
Status: offline
Nothing shows up inder the /net/ComputerName dir except if I share a local directory - I cannot get Windows to accept a net share command for an AFS directory.

The ksh binary from /pub core dumps on my Win2003 box.

Bummer.

(in reply to Rodney)
Post #: 9
RE: SUA and AFS - Jul. 1, '06, 4:06:56 AM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
> The ksh binary from /pub core dumps on my Win2003 box.

That likely because of DEP (xref the FAQ for more) since it's gcc built (on Interix 3.5).
A final release into a package would like be c89 built (bypassing DEP triggering).

Not much I can do about AFS though.

(in reply to edrosen)
Post #: 10
Page:   [1]
All Forums >> [SFU / Interix / SUA Technology] >> SFU / Interix - Getting Started >> SUA and AFS Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Search All Forums -

Advanced search


SPONSORS



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.047