Protect Your Files

We use the AndrewFileSystem to store member home directories and other important data. This is very convenient, since it allows a consistent view of our file system to be mounted on all of our machines, and it even allows members to mount that filesystem locally, so that editing HCoop files is as easy as editing files on local disk.

However, this adds security and privacy considerations beyond what is usual for UNIX systems. Anyone on the Internet can mount our filesystem as a guest user. Such people can then do anything with our files that has been allowed for system:anyuser. By default, system:anyuser is granted directory listing permission, but no other permissions, on your home directory. Every time you create a subdirectory (of your home directory or of any other directory), the new directory's initial permissions are copied from its parent. Thus, if you take no special action, anyone on the Internet will be able to list the full recursive contents of your home directory.

The full details of AFS permissions are beyond the scope of this little blurb, but the most important thing to know is that, if you want to keep directory contents private, you should run this on each new subdirectory you create of your home directory:

fs sa ~/SUBDIRECTORY system:anyuser none

It is important that you not run this command on your base home directory, since some utility processes need to be able to list the contents of your home directory to get to your ~/.public directory, which contains important contents like (possibly) a mail .forward file and Domtool configuration. For the same reason, you should keep system:anyuser permissions as they are set by default on your ~/.public directory.
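As an added example (not HCoop's own tooling), here is a small POSIX shell script that parses `fs listacl` output to find subdirectories that still grant system:anyuser any rights, skipping the home directory itself and ~/.public as described above. The sample listings are constructed, and the AFS paths inside them are assumptions.

```shell
#!/bin/sh
# Constructed example, not HCoop's own code: audit a home directory for
# subdirectories that still grant system:anyuser rights. Assumes the standard
# OpenAFS `fs listacl` output format ("Normal rights:" / "Negative rights:").

# Print the rights granted to system:anyuser in the "Normal rights:" section
# of one `fs la` listing read from stdin; print nothing if there is no entry.
# Entries under "Negative rights:" deny access, so they are ignored here.
anyuser_rights() {
    awk '
        /^Normal rights:/   { section = "normal"; next }
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && $1 == "system:anyuser" { print $2; exit }
    '
}

# A listing is "private" in the sense of this page when system:anyuser has no
# entry at all, which is what `fs sa DIR system:anyuser none` produces.
# Returns 0 (true) if private, 1 otherwise.
is_private() {
    [ -z "$(printf '%s\n' "$1" | anyuser_rights)" ]
}

# Walk every directory below $1 (default: $HOME), skipping the home directory
# itself and ~/.public, which must keep the default listing right, and print
# one line per directory that still grants system:anyuser something.
audit_home() {
    home=${1:-$HOME}
    find "$home" -type d ! -path "$home" ! -path "$home/.public" \
         ! -path "$home/.public/*" |
    while IFS= read -r dir; do
        rights=$(fs listacl "$dir" 2>/dev/null | anyuser_rights)
        [ -n "$rights" ] && printf 'OPEN  %s  system:anyuser %s\n' "$dir" "$rights"
    done
}

# Constructed sample listings (paths are assumptions, not real HCoop paths).
LISTING_DEFAULT='Access list for /afs/hcoop.net/user/e/ex/example/docs is
Normal rights:
  system:administrators rlidwka
  example rlidwka
  system:anyuser l'

LISTING_PRIVATE='Access list for /afs/hcoop.net/user/e/ex/example/private is
Normal rights:
  system:administrators rlidwka
  example rlidwka
Negative rights:
  system:anyuser rl'
```

Run `audit_home` on a machine with the AFS client installed; every line it prints names a directory where `fs sa DIR system:anyuser none` has not yet been applied.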