Andrew File System

Restricting AFS ACLs

Item Type: 

If you’ve ever administrated a sufficiently large and public AFS cell, you have probably at least once had a user assign rlidwka rights to system:anyuser on a directory. This can be a real security headache, particularly when web-accessible data is pulled directly from AFS. The only way currently to make sure that doesn’t happen is to revoke users’ admin rights, but then you lose the convenience and flexibility of users maintaining permissions themselves.Arguably, this problem can be solved by user education and performing audits of ACL rights, but that isn’t always enough.

Two important OpenAFS fileserver fixes

Item Type: 

Two important fileserver fixes are available for OpenAFS 1.4.11, both of which address intermittent fileserver crashes. Source code patches are available in the OpenAFS git source code repository and are in the pipeline for the next release of OpenAFS.

The first patch fixes an error in the handling of multi-homed client hosts. An OpenAFS client host may have multiple interfaces, and hence multiple IP addresses. The fileserver attempts to associate these IP address to the host in memory. This multi-home tracking has been improved in recent releases of OpenAFS, however a subtle error was introduced around OpenAFS 1.4.8. When the last address associated with a host is removed, the callback connection for that host was also removed. In some cases that connection object was still in use by other threads, and the premature removal of the connection object will lead to a server crash when the fileserver attempts to access a null pointer.

The second fix is for an insidious and long standing bug in the host package of the fileserver. Several cases were found where the fileserver could be using a host object that had been freed. This bug could manifest in a number of terrible ways. Sometimes this bug lead to a situation where the internal list of client hosts was corrupted, in which case the fileserver could crash or even hang as it was trying to traverse a linked list that looped on itself. In other cases, the fileserver heap could be corrupted and the fileserver would crash when calling malloc, or the filerserver would crash when attempting to free an object which was already freed.

The fixes are available in the OpenAFS git repository, and are mirrored on,

  • viced-null-callback-rxcon-20091022 eliminates the premature removal of the connection object
  • viced-avoid-using-released-hosts-20091102 fixes the host package bug where the host list could be corrupted

OpenAFS Fileserver 1.4.10-1.4.11 Source Code Patch Available


An abnormal termination of a fileserver will cause a service outage. The bosserver will trigger a salvage and then restart the fileserver process.

OpenAFS 1.4.10 - 1.4.11 fileserver on all supported platforms

Sites running OpenAFS 1.4.10-1.4.11 are strongly encouraged to deploy the corrected fileserver. A source code patch for is available online

If you have any questions, please open a support ticket by sending email to support at

OpenAFS Engineer


Position Description:
The OpenAFS team of Sine Nomine Associates provides OpenAFS support and development services for customers of various industry sectors and sizes. Our OpenAFS engineers are in direct contact with our customers’ technical staff, and work together in a strongly team-oriented manner. Engineers take ownership of support and/or development tasks as assigned, and follow through from initiation to delivery.


Subscribe to RSS - OpenAFS