On Fri, 21 Apr 1995, Tom Orban wrote:
> My suggestions would be to:
> 1) separate out the privileges for bos and vos. I would like to be able
> to give permission to someone to release volumes. I don't want to
> implicitly give them root on my servers because of this though.
>
> 2) Have transarc either provide an extra bosserver that *doesn't* have
> a -exec option for those of us who think bos -exec is too big of a hole,
> or maybe just add a -noexec option to the bosserver so those sites who
> don't want -exec can start the bosserver without it.
>
I did this sometime in '93, full of enthousiasm, it's a very simple mod.
However, when I understood the role of the KeyFile a bit later, I realized
that it is absolutely not worth the effort:
what's your AFS server supposed to do? Serve AFS files! Why do you want
to keep somebody from becoming root on the server, if by simply
encrypting a token with the userid of his choice he can do with those
files what he wants anyway? And if he can get at the KeyFile on *one*
server - in AFS that gives you control over (at least the files on) *all*
servers.
In fact, I don't think the distinction of three privileges (admin flag,
UserList, system:administrators) makes much sense in AFS at all. With any of
those privileges you can get the other ones (well, system:administrators only
helps if your servers use files out of AFS from time to time, but why bother
anyway if you can wipe out everything).
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rainer Toebbicke - [EMAIL PROTECTED] -or- [EMAIL PROTECTED] O__
European Laboratory for Particle Physics(CERN) - Geneva, Switzerland > |
Phone: +41 22 767 4911 Fax: +41 22 767 8690 ( )\( )
