> From:    Ezra Peisach <[EMAIL PROTECTED]>
> Subject: On giving users the right to vos release volumes they have a access to
> 
> I hope that Transarc does not implement such a change. The nature of the
> vos release commands relies on both server-server communication, but 
> supervised by the vos program. Interrupted vos commands can have serious
> implications on the state of the service environment. This would potentially
> allow a clueless user to seriously compromise the stability of a cell
> where different versions of a volume may then reside on different servers.

I think it might be hyperbole to say a user could seriously compromise
the stability of the cell, but I do agree that vos operations should
be limited.

> I feel much safer having a server process, similar to what has been mentioned,
> handle vos release requests for users. The server process will ensure
> completion of all commands and can be written to notify critical persons
> in case of failure. 

Indeed. In fact I prefer to use the RTask tool I previously sent,
which gives me the flexibility to not only restrict releases to
certain users, based on volumes, but to also restrict the time of day
of the releases, and to add other arbitrary constraints as needed. The
release script I use also uses certain heuristics to automatically do
addsite's as necessary. From my perspective, giving 'release' access
to volume owners has no benefit, and just is another potential
security problem to be aware of.

> If Transarc deems it necessary to implement a clueless user vos release,
> I hope there will be a server flag that will disable it.

Yes, everything should be optional. I would like to have an option to
turn off all the implicit administrative rights as well.

To relate to another thread... perhaps AFS might port faster if there
were fewer noncritical features.

--
John Redford (AKA GArrow) | 3,600 hours of tape.
[EMAIL PROTECTED]       | 5 cans of Scotchguard.
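
The kind of policy gate described in the reply above (releases restricted per user, per volume and by time of day), as an added example that is not part of the original message and is not the RTask tool. The policy layout, the user and volume names and the volume-name pattern are all assumptions; the function only decides, it does not run any vos command.

```python
import re
from datetime import datetime, time
from fnmatch import fnmatchcase

# Constructed sample policy: user -> rules. All names here are hypothetical.
POLICY = {
    "alice": [{"volumes": "proj.web.*", "window": (time(8, 0), time(18, 0))}],
    "bob":   [{"volumes": "sw.*", "window": (time(22, 0), time(4, 0))}],  # overnight
}

# Assumed conservative pattern for volume names: the gate runs with
# administrative rights, so anything unusual is rejected before matching.
VOLUME_RE = re.compile(r"[A-Za-z0-9._-]{1,22}")

def in_window(now, start, end):
    """True if now is in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def authorize_release(user, volume, when, policy=POLICY):
    """Return (allowed, reason) for a release request. The default is deny."""
    if not VOLUME_RE.fullmatch(volume):
        return False, "invalid volume name"
    rules = policy.get(user)
    if not rules:
        return False, "user has no release rights"
    matched = [r for r in rules if fnmatchcase(volume, r["volumes"])]
    if not matched:
        return False, "volume not delegated to user"
    if any(in_window(when.time(), *r["window"]) for r in matched):
        return True, "ok"
    return False, "outside permitted release window"

if __name__ == "__main__":
    # Constructed requests: (user, volume, timestamp)
    for req in [("alice", "proj.web.docs", datetime(2024, 1, 1, 10, 0)),
                ("bob", "sw.gnu", datetime(2024, 1, 1, 2, 0)),
                ("alice", "sw.gnu", datetime(2024, 1, 1, 10, 0))]:
        print(req[0], req[1], authorize_release(*req))
```

A server process built around such a check would log every decision and perform the release itself, so that a denied or interrupted request never leaves the user holding a half-finished operation.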
