Protecting your SLAC AFS ~/.fastx_server/ directory

Your SLAC AFS ~/.fastx_server/ directory contains sensitive information which could expose your FastX X11 connections to others.  This could lead to a compromise of your account, and/or unauthorized keystroke monitoring.  Keystoke monitoring can capture other passwords you type, such as sudo, ssh password authentication to remote sites, or information entered in browser windows, even for https sites since the keystrokes are captured before SSL encryption is done. 

Therefore, please take care in protecting access to this directory.  Since this directory is in AFS space, you need to use AFS Access Control Lists (ACLs) to lock down the directory (regular Unix file modes using chmod do not work inside AFS space).  The Scientific Computing Services (SCS) tool "system ranger" will automatically detect and fix any ~/.fastx_server/ directories in AFS space which are too permissive, and you will get an information email just letting you know it was fixed.  If you get this email, it is only for your information, and no action is required.  If necessary, the system ranger protects your ~/.fastx_server/ directory by removing the following entries from the AFS Access Control List:

   system:anyuser rl
   system:slac rl
   system:authuser rl