[tahoe-dev] User access

Dimitri Yioulos dyioulos at yahoo.com
Thu Sep 17 13:21:43 PDT 2009 


--- On Thu, 9/17/09, Brian Warner <warner at lothar.com> wrote:

> From: Brian Warner <warner at lothar.com>
> Subject: Re: [tahoe-dev] User access
> To: tahoe-dev at allmydata.org
> Date: Thursday, September 17, 2009, 3:50 PM
> > I've just about got everything
> all figured out, but I'm wondering how
> > other users on my system can use tahoe.
> 
> Great!
> 
> > How can I make tahoe "universally" usable (if there is
> such a thing).
> > A step-by-step would be appreciated.
> 
> It depends upon what you're trying to do, and how much your
> users are
> willing to rely upon you. The Tahoe client node is used to
> handle the
> secret filecaps and get back the (secret) plaintext of the
> corresponding
> files. So if Alice is using a node run by Bob, then Bob (by
> modifying
> the node a little bit) gets to see all of Alice's files. If
> Alice isn't
> comfortable with this, she needs to run her own client
> node. To do this,
> she should go though the same "tahoe create-client" process
> as Bob did.
> 
> However, if Bob owns the computer that Alice is using, then
> Alice is
> always going to be vulnerable to Bob's intrusion: even if
> she ran her
> own copy of the client, Bob could use his root-powers to
> take over the
> process and reveal her secrets. So there's not much point
> in asking her
> to run a separate node. If this describes the relationship
> between you
> and the other users on your system, then here's what I'd
> do:
> 
>  1: make sure that the "tahoe" executable is available to
> all users:
>     use "python setup.py install" or similar to
> get it into /usr/bin/tahoe
>  2: send a copy of your BASEDIR/node.url file to all of
> your users. This
>     will probably be http://localhost:3567/ or 8123 or something similar.
>  3: instruct your users to each do the following:
>      mkdir ~/.tahoe
>      mkdir ~/.tahoe/private
>      chmod go-rwx ~/.tahoe
>      paste that URL into
> ~/.tahoe/node.url
>      tahoe create-alias tahoe
>      tahoe ls   (should
> show an empty directory)
> 
> This will give each user their own stub .tahoe basedir,
> which contains
> their private rootcaps and the shared webapi URL. All CLI
> commands that
> they run will use your tahoe client node, but will store
> the rootcaps in
> their own directory. The tahoe client node doesn't log the
> filecaps it
> works on, so unless you modify the client, you won't
> normally be seeing
> their private filecaps.
> 
> This works because the Tahoe CLI commands are all written
> to use the
> webapi, via whatever URL is recorded in
> ~otheruser/.tahoe/node.url . The
> Tahoe client node itself uses the other files in
> ~myuser/.tahoe/ , like
> tahoe.cfg, and provides the webapi interface (writing the
> listening URL
> to node.url). When Bob runs CLI commands *and* runs a
> client node,
> they'll both use the same ~/.tahoe directory. When Alice is
> running the
> CLI commands against Bob's client node, they'll use
> different
> directories, but merely copying the node.url from
> ~bob/.tahoe to
> ~alice/.tahoe is enough to make it work.
> 
> Note that the convergence secret and the lease-management
> secrets are
> stored in the node's basedir, not the CLI-user's basedir
> (since there is
> no provision in the webapi to pass these secrets around).
> So, while
> Alice will have her own rootcap, Bob will still trivially
> be able to
> cancel her leases (i.e. delete her files) and mount
> partial-information
> guessing attacks against her filecaps. But these
> vulnerabilities pale in
> comparison to Bob's ability to see all of her filecaps by
> just adding
> more logging code to his node.
> 
> hope that helps,
>  -Brian
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at allmydata.org
> http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
> 

First, thanks to both you and Shawn for your quick and informative responses.  Truly appreciated.

What I'm after is for any user we designate (there are only two, at present, myself included) to be able to store data on a directory I've created on the production grid.  If the instructions you've provided will accomplish that, then I'm a happy sysadmin :-) .

Dimitri

More information about the tahoe-dev mailing list