Davor Ocelic wrote:
> On Thu, 26 Jun 2008 12:18:10 -0300
> Adrián Etchevarne <[EMAIL PROTECTED]> wrote:
>
>> Dean Anderson wrote:
>>
>> > The problem is that afs sites expect to be mounted
>> > at /afs/sitename/. But pivot_root usually takes an inode/vnode, if
>> > I recall. Once you have afs going, you should be able to pivot into
>> > anything that has public permissions.
>> >
>> One important reason is that you have only one operating system to
>> manage and one point less of workstation failure. I have an
>> installation of 50+ machines, booting linux from network. They
>> mount / from nfs, but /usr, /home and /opt are from afs and disks are
>> optional.
>> .....
>> The next step is to get rid of nfs, using an initrd, but instead
>> of using pivot_root, using mount --bind to mount the other
>> subdirectories, including /bin and /sbin.
>
> How did you deal with per-file permissions?
> Afs ignores most parts of file permissions, so

/dev is managed dynamically by udev in a tmpfs (so file permissions and owners are respected)
/tmp, /var/run, /var/lock and similar are also in tmpfs
logs are managed by a central syslog (syslog-ng) by udp
/etc may be the most sensitive part of the filesystem, but in the workstations there are no servers that may have secrets.
/home is protected by afs access lists and not by unix permissions (this fact confuses some students, it is not a great deal)

Greetings
Adrián.
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
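
Added example, not part of the original message or of OpenAFS: a shell check of the layout described above, which reads a mount table in /proc/mounts format and lists the paths that sit on AFS, where the thread notes that access lists rather than Unix permissions protect the files. The sample table, the `afs` type string and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: device mountpoint fstype opts 0 0.
# The "afs" type string for AFS-backed mounts is an assumption of this example.
sample_mounts() {
cat <<'EOF'
rootfs / rootfs rw 0 0
AFS /afs afs rw 0 0
AFS /usr afs rw 0 0
AFS /home afs rw 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /var/run tmpfs rw,nosuid 0 0
EOF
}

# fstype_for PATH   (mount table on stdin)
# Prints the fstype of the longest mount point that contains PATH; on a tie
# the later line wins, because a later mount shadows an earlier one.
fstype_for() {
    awk -v p="$1" '
    BEGIN { best = -1; fs = "unknown" }
    {
        mp = $2
        pre = (mp == "/") ? "/" : (mp "/")
        if (p == mp || index(p "/", pre) == 1) {
            if (length(mp) >= best) { best = length(mp); fs = $3 }
        }
    }
    END { print fs }'
}

# audit_unix_modes PATH...   (mount table on stdin)
# Lists each PATH that sits on AFS, where Unix mode bits are not what
# protects the files. Returns 1 if any path was listed, 0 otherwise.
audit_unix_modes() {
    table=$(cat)
    rc=0
    for path in "$@"; do
        fs=$(printf '%s\n' "$table" | fstype_for "$path")
        if [ "$fs" = "afs" ]; then
            echo "$path: $fs"
            rc=1
        fi
    done
    return "$rc"
}

# On a live workstation, feed it /proc/mounts instead of the sample.
sample_mounts | audit_unix_modes /dev /tmp /var/run /var/lock /etc /home || true
```

In the sample, `/var/lock` has no mount of its own and resolves to the root filesystem, which `fstype_for /var/lock` makes visible.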
