Many thanks, Ivan!

On Tue, 10 Aug 2004 19:48:27 +0200
Ivan Popov <pin_at_medic.chalmers.se> wrote:

> Hello James,
> 
> On Tue, Aug 10, 2004 at 06:02:44PM +0100, James Le Cuirot wrote:
> > While I can write with my normal user account, I cannot write as root. When
> > I
> 
> Let us make it clear, for Coda "root" is nothing special, just
> an uid, like any other. That uid's rights are determined in the same way,
> by acls and by tokens that uid possesses (in your case probably none).
> 
> > try, the command simply hangs until I press Ctrl+C. I use Entrance to log in
> > and
> 
> Would you include a small typesctipt? Otherwise it is hard to know for sure
> what situation it is and which command fails in which way.

I've since created a 'root' user in Coda with uid 999. Unfortunately I can't
make the uid 0 so that files created as that user would actually say 'root' on
them but oh well. I guess I'll create a 'codaroot' user with uid 999 on the
local system or something. After setting the ACLs correctly, this seems to work.
I'm not sure why it simply sat there instead of saying "Permission Denied"
before. I wasn't trying anything particularly unusual. All I did was start
venus, go to my home folder as root and type 'touch blah'.

> > as far as I can tell, it's writes the Xauthority file as root because when I
> > try
> 
> If the login program tries to write things into Coda without having tokens
> it is just plainly wrong. It should not succeed - unless the user's directory
> is wide open to the whole world.
> (the program _may_ have tokens as it gets the user's password,
> but yours probably doesn't...)

So what I will do now is get root to get tokens automatically at boot time and
then it should be able to write to that folder. Even if it can't get tokens, if
it's disconnected, it should still work okay. I have tested this.

> > but I can imagine the inability to write as root causing problems in other
> > ways.
> 
> Sure, all programs which depend on special root rights on non-local
> filesystems, will fail. Period.
> It is not Coda-related, it is usual practice even on NFS.
> 
> Programs, which switch uid to the user's one and try to write
> as the user, without acquiring the tokens, will fail too!
> It is their fault, as local uid posession can _not_ give global rights
> without proving the identity to the file server.
> Fortunately, pam can help to some degree, acquiring the tokens.
> 
> You should also instruct login programs to create Xauthority somewhere
> on a _local_ file system as that file is inherently Xserver==host bound.
> You have no need (and you do not want) to share Xauthority information,
> as you do not want to run X without tunneling anyway.
> 
> (it is a well-known security hole, .Xauthority on NFS...
> as Coda does not encrypt the traffic, the hole would be as big on Coda, too)

I will also use this PAM thing to acquire the tokens for the non-root accounts.
I haven't tried that yet though. The Xauthority problem is in hand. XDM creates
these files in /tmp. Entrance creates them in the home folder but I have added a
feature (which will soon be in CVS) that will allow you to specify the name of
the Xauthority file so they will still be in the home folder but named
.Xauthority-hostname. Security isn't too much of a concern. This will primarily
be for use on a private LAN. If I do end up doing things over the net, I will
use a secure VPN tunnel.

Now two problems remain. I can't figure out how to resolve conflicts at all. The
docs are 4 years out of date and I can't find any info elsewhere. I tried using
the 'repair' tool but first it complained about files not being found and then I
don't really know what happened. I had to use venus -init in the end. :-S
Fortunately I'm only using test files at the moment.

I am also unable to hoard anything. It worked once when I started venus with the
-primaryuser option. I have since discovered that hoard should always work as
root. But now whatever account I use, whether it be root or my own account with
the -primaryuser option, I always get "Permission Denied." I am connected and
have tokens so I don't know what the problem is. I'm getting errors like this in
venus.log...

[ W(20) : 0000 : 20:09:12 ] Cachefile::SetLength 512

[ W(20) : 0000 : 20:09:16 ] HDBD_Request (Add): <0> Not an authorized user

[ T(01) : 0007 : 20:10:01 ] BeginRvmFlush (1, 1976, T)
[ T(01) : 0007 : 20:10:02 ] EndRvmFlush

[ T(01) : 0009 : 20:10:21 ] BeginRvmTruncate (13, 5600, I)
[ T(01) : 0009 : 20:10:22 ] EndRvmTruncate

[ W(20) : 0000 : 20:10:30 ] HDBD_Request (Clear): <0> Not an authorized user
[ W(20) : 0000 : 20:11:21 ] HDBD_Request (Walk): <0> Not an authorized user
[ W(20) : 0000 : 20:11:21 ] HDBD_Request (Verify): <0> Not an authorized user

James