Thomas J Orban ([EMAIL PROTECTED]) wrote:

> Now that they're deciding what features to add to afs 3.5, is there
> anyone else who'd concur with our cell in suggesting they split off
> the privileges to run vos and backup commands from privileges to
> run bos commands?

I have mentioned this in this group, only to be attacked by people who
seem to believe I am naive for wanting this, or for thinking it provides
any level of security.  I have about 100 machines, about 100 gigabytes of
disk space, and over 2500 users.  There are 42 people who have root
privileges on some of my machines, most of whom need no such access, but
must be given it for political reasons.  I have simply not publicised the
fact that this root access gives many of them the power to create, move,
delete, rename, and otherwise make a mess of volumes.

AFS has been of great use to us, but I wish it had better facilities for
the distributed management of large sites.  For example, we could make
use of the ADM utility (as we do to some extent already), but we cannot
compile a version which will allow me to delegate the power to reset
passwords, because of the US export restrictions on DES.  Surely Transarc
could supply a compiled version of adm and admsrv for sites like ours?

> Hopefully they'll get around to providing setuid on a per-volume
> basis too.

This would also be useful to us.  I would like to have suid work in
system volumes, but not in user volumes, for example.  But, say some,
you have to have admin privileges to create a suid file, don't you?
I'm not sure how the status quo could be exploited, but I would feel
slightly more comfortable if there were another wall between the system
and the hackers.

Despite all this, I don't expect Transarc will be eager to make large
changes in software which they hope will become obsolete soon, if DFS/DCE
gets off the ground.

     -- Owen
     [EMAIL PROTECTED]
