Re: Any way to allow setuid daemon to access krb5 automounted nfs directories?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Orion Poplawski wrote:

  Is there any way to allow setuid daemon to access krb5 automounted
  nfs directories?  Specifically I'm looking to run spamassassin's
  spamd on a remote server and access user's home directories via krb5
  nfs4.  spamd changes user to the user receiving the email being
  processes and needs to modify files in the user's home directory.
  Is there any reasonably secure way to give this daemon the ability
  to do this?  Any way to tell rpc.gssd to use a specific credential
  cache for this type of access rather than the default for that
  effective uid?

You don't want to give spamd the user's credentials. You want to acl the
user's files so that spamd can do what it wants. Spamd will need its own
krb5 principal.

But I hope you're not planning to deliver mail over nfs. I think that would
be a mistake.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux