RE: [condor-users] Windows EFS support

["Heinz, Michael William" <michael_heinz@xxxxxxxxx>]

I wondered about that.

I was able to view the contents of the files, so obviously they were not
encrypted. I've double checked the configuration files and rebooted the W2K
boxes, with no effect. It's the same config file on all Condor machines.

EFS is definitely present on the W2K machines, I was able to manually set it
for a (non-condor) folder.

-----Original Message-----
From: Colin Stolley [mailto:stolley@xxxxxxxxxxx] 
Sent: Tuesday, October 28, 2003 12:31 PM
To: condor-users@xxxxxxxxxxx
Subject: Re: [condor-users] Windows EFS support


> I think I figured it out: Apparently, W2k allows the local 
> administrator to read the encrypted folders? When I logged off 
> Administrator and logged in as a "regular user" I was unable to access 
> the contents of the execute directory.

Not true. You were denied access because the execute folder permissions are
restricted to condor-reuse-vmX and Administrators. EFS encrypts the file
based on the password of the creator of the file. In Condor's case, the
creator is condor-reuse-vmX. No other user is able to view the contents of
these files.

Again, a folder is not encrypted. The contents of the folder is. So although
you can view the files in the folder, if you attempt to open any of these
files, the open will fail unless you were the creator of the file.

Colin
Condor Support Information: http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with unsubscribe
condor-users <your_email_address>


Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>