> What are the valid uid's that I can have? Can I use the number 0
> as a valid userid in AFS?

Good questions. In general, any positive 32-bit number is a valid AFS
uid, but some operating systems have further restrictions. For example,
most OS's can't handle UID's bigger than 65535, and many treat uid's as
signed numbers, so they can't be bigger than 32767. Ultrix 4.3 does very
bad things with UID's bigger than 32000 even.

In answer to your specific question, yes, you can use an AFS uid of
zero. In particular, this means you can create files on AFS owned by uid
zero, and then make them setuid.

> My problem is that I'm trying to create a network root in AFS (id = 0)
> so I can log in every machine supplying the AFS root password, while the
> local root user still being accessed supplying the local password
> (All this using the AFS supplied r-commands).
> Anyway, how does AFS relate an AFS user to a UNIX user? Is this done
> comparing ids or names? So if I have user fred (unix id=326, afs id
> =327) and user john (unix id 327, afs id 326), when I log (using the afs login)
> as fred will I be fred or john in unix ??

Actually, the answer is "both". For the purposes of login and
authentication, your UNIX and AFS users are completely separate, with
separate name and UID spaces. The login provided with AFS, and most
other AFS-aware logins available on the net, make the assumption that you
use the same usernames for UNIX and AFS users. In particular, this means
that while you can only log in as a user that appears in /etc/passwd, you
can use the AFS password for the principal of the same name.

Once you're logged in, the UNIX system sees the UID's attached to files
and such, and uses the local /etc/passwd to map them to names for "ls"
and the like. You get all sorts of annoyances if you don't match up UNIX
and AFS uid's.

However, the Transarc-provided AFS login program makes a special
exception - "root" is _never_ authenticated via AFS. I can't recall
whether this check is done by username or uid, but I believe the intent
is to (1) make it hard to have a single "root" AFS password that works on
all machines, and (2) prevent you from having to wait forever to log in
to a machine as root if the authentication servers are down.

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
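
An added example, not part of the original message: a small Python audit that compares local /etc/passwd uids with AFS uids by username and flags the cases discussed above (mismatched ids such as the fred/john swap, an AFS uid of zero, ids above 32767 or 65535). The account data and the "name id" AFS listing format are constructed for illustration.

```python
# Constructed sample data; the "name id" AFS listing format is an assumption.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
fred:x:326:100:Fred:/home/fred:/bin/sh
john:x:327:100:John:/home/john:/bin/sh
alice:x:40000:100:Alice:/home/alice:/bin/sh
"""
AFS_USERS = """\
root 0
fred 327
john 326
alice 40000
bob 70000
"""

def parse_passwd(text):  # username -> uid from passwd(5)-format text
    users = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            users[fields[0]] = int(fields[2])
    return users

def parse_afs(text):  # AFS username -> AFS uid from "name id" lines
    return {n: int(i) for n, i in (l.split() for l in text.splitlines() if l.strip())}

def audit(passwd_text, afs_text):
    """Return (afs_name, finding) pairs, sorted by AFS name."""
    unix, afs = parse_passwd(passwd_text), parse_afs(afs_text)
    name_for_uid = {uid: name for name, uid in unix.items()}
    findings = []
    for name, afs_uid in sorted(afs.items()):
        if afs_uid == 0:
            findings.append((name, "afs-uid-zero"))  # can own setuid files in AFS
        if afs_uid > 65535:
            findings.append((name, "above-65535"))
        elif afs_uid > 32767:
            findings.append((name, "above-32767"))
        if name not in unix:
            findings.append((name, "no-local-account"))
        elif unix[name] != afs_uid:
            findings.append((name, "uid-mismatch"))
            shown = name_for_uid.get(afs_uid)
            if shown:  # local tools such as ls will display this other name
                findings.append((name, "files-shown-as:" + shown))
    return findings

if __name__ == "__main__":
    for name, finding in audit(PASSWD, AFS_USERS):
        print(f"{name}: {finding}")
```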