[tahoe-dev] User management

zooko zooko at zooko.com
Sat Dec 1 09:01:30 PST 2007


> that several users belonging to the same group could start the same
> node, even if they are not the creator of the node. I've tried to do
> this, but I've got an error (failed to launch app errno1) on the
> certificate file (node.pem), so I suppose that the node certificate is
> also dependent on the node creator.

Hello Francesco.

It isn't that Tahoe detects the user and changes its behavior based  
on the user, it is that tahoe changes the permission bits in your  
unix filesystem.

There are a few files that tahoe changes the permissions on:

~/playground/allmydata/tahoe/trunk$ grep chmod src/allmydata/*.py
src/allmydata/client.py:        os.chmod(control_furl_file, 0600)
src/allmydata/logpublisher.py:        os.chmod(furlfile, 0600)
src/allmydata/node.py:        os.chmod(certfile, 0600)
src/allmydata/node.py:                    os.chmod(fn, filemode)
src/allmydata/webish.py:        os.chmod(startfile, 0600)

The second hit in node.py is here:
http://allmydata.org/trac/tahoe/browser/src/allmydata/node.py?rev=1627#L166

It gets called from only one place, here:
http://allmydata.org/trac/tahoe/browser/src/allmydata/client.py?rev=1580#L67

These five files are all "sensitive" in that they contain information  
which is secret and which would give an attacker power if he got  
their contents.

You can work around this by running "chmod -R g+u" on the tahoe state
directory (which is named ~/.tahoe by default).

I'm not entirely sure if that work-around will work around all of  
those chmods or just some of them.  (Because some of them might be  
chmodded again later by tahoe.)

You could also edit the source code referenced above and change the  
"0600" to "0660".

I've opened a trac ticket about this topic:

http://allmydata.org/trac/tahoe/ticket/219

Along the way, I realized that there is currently a race condition in  
which a very lucky local attacker, or one who had the ability to slow  
down or interrupt the operation of the tahoe process, could steal  
some of the secrets.

Dear Francesco: please write to us again about your experiences in  
deploying tahoe v0.6.1.  Feedback about documentation,  
administration, operation, etc. is very helpful -- we need to hear  
both the good and the bad parts about how tahoe works.

Regards,

Zooko
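
Added example, not part of the original post or of Tahoe's code: assuming the race condition mentioned above is the window between creating a secret file and the later os.chmod call, this Python code contrasts that pattern with creating the file at its final mode (0600, or 0660 for the group-shared case). The function names, file names and the 0o022 umask are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def write_then_chmod(path, secret, mode=0o600):
    """Create, write, then chmod (the order the grep output suggests).
    Returns the mode the file had before chmod ran, i.e. the exposure window."""
    with open(path, "w") as f:          # created as 0o666 & ~umask
        f.write(secret)
    exposed = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode)
    return exposed

def write_private(path, secret, mode=0o600):
    """Create the file with its final mode in the creating syscall.
    O_EXCL refuses a file or symlink already planted at `path`.
    Returns (mode at creation, final mode)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as f:
        # The umask can only clear bits, so the file is never more
        # permissive than `mode`, even before the secret is written.
        at_create = stat.S_IMODE(os.fstat(fd).st_mode)
        # Restore group bits a strict umask removed (needed for 0o660).
        os.fchmod(fd, mode)
        f.write(secret)
        final = stat.S_IMODE(os.fstat(fd).st_mode)
    return at_create, final

def demo():
    """Run both patterns in a scratch directory under umask 022."""
    old = os.umask(0o022)               # assumed common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            exposed = write_then_chmod(
                os.path.join(d, "a.pem"), "constructed secret")
            at_create, final = write_private(
                os.path.join(d, "b.pem"), "constructed secret", 0o660)
    finally:
        os.umask(old)
    return exposed, at_create, final

if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

In the first pattern the file is world-readable (0644) until chmod runs; in the second it is never more open than the requested mode.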


