>For example, if you are root on a fileserver (or in our cell on
>any machine), you can, without any tokens at all, use 'vos dump'
>to dump any volume. You can read the files in the dumped volume
>with no difficulty. If you know what you're doing, you can then
>modify the dump and restore it, overwriting the original volume.
In our cell, you have to be the afs superuser to dump volumes. Or, if you on
a fileserver, you can be root and use -localauth. But wait, if you are on
fileserver with root access, you can wipe out all the data with a newfs. This
is why we lock our fileservers in a machine room. If you run your afs cell
properly, many of the inconsistencies you point out go away.
Mark Giuffrida
Univ of Michigan, CAEN
[EMAIL PROTECTED]
