> Is this possible within an AFS directory environment?  How are
> other people accomplishing this?  Are there examples of programs
> that provide this function?

No.  AFS ignores UID.  All that matters are tokens.  If you have the
appropriate access (well, if your tokens say you have appropriate
access) then you have the access.

You cannot give access to a UID, therefore a setuid program really
means nothing in an AFS environment.

What you can do, however, is have a server that accepts connections
from clients, and this server executes the appropriate commands on the
appropriate files, and you can then give access to this server.  For
example, I have a script which syncs two directory trees together.  It
obtains AFS tokens and then uses the privileges those tokens entail.
The program obtains tokens by utilizing the Kerberos srvtab service
key for the machine.  (Therefore anyone with root on this particular
machine has the access to perform this sync).

Hope this helps.

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
     Secretary, MIT Student Information Processing Board (SIPB)
         PGP key available from [EMAIL PROTECTED]
            [EMAIL PROTECTED]       PP-ASEL        N1NWH



