- Cluster running Qumulo Core 2.11.4 and above
- Admin privileges on the Qumulo cluster
For an in-depth look at XPP, check out the Cross-Protocol Permissions (XPP) article for more details.
With Cross-Protocol Permissions, the access control entry rights for users/groups that are not the file or group owner will be translated to the "Others" POSIX mode bits. This action not only helps avoid potential inter-op problems with POSIX applications that might otherwise misbehave if the mode appears to deny access (that they actually have), but also ensures that the mode doesn't provide a false sense of security.
Cross-Protocol Permissions mode reveals permissions that Native Permissions Mode hides, which may trigger security checks made by SSH and SSHD after transitioning home directories.
Because of this behavior, consider the following when using SSH with XPP mode:
- The SSH client requires that private keys (e.g. $HOME/.ssh/id_rsa, etc.) not be accessible by anyone other than the owner (i.e. mode no more permissive than rwx------), and will refuse to use keys that are more broadly accessible. SSH does not allow this check to be overridden. Under XPP, the ACL for SSH private keys must not grant access to anyone other than the owner. This may be accomplished via chmod, qq, or the windows permissions dialog, before or after switching from native mode to XPP.
The SSH server also checks that the authorized_keys file and its parent directories are not writable by anyone other than the owner in order to grant authentication without requiring a password to those keys. This check exists because anyone who can write authorized_keys or modify its parent directories can gain the right to log in as that user. To avoid this behavior, you can do one of the following:
- Ensure that the ACLs on $HOME, $HOME/.ssh, and $HOME/.ssh/authorized keys do not grant write permissions to anyone other than the owner.
- Move the authorized_keys files to a location that can be secured to OpenSSH server's liking via the "AuthorizedKeys" configuration option in /etc/ssh/sshd_config on every SSH server machine if it is absolutely necessary that user home directories be modifiable by anyone other than their owner.
- Disable the security check by setting "StrictModes no" in /etc/ssh/sshd_config on every SSH server machine if you need to have authorized_keys files be writable by a non-owner.
NOTE: If an inheritable ACL is set on home directories, it will generally be necessary to fix permissions on new private key files before they are usable.