On Wednesday, May 04, 2005 13:16:30 -0500 "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:
What are the interactrions between the Solaris 10 Zones, and AFS cache and PAGs. Is there any chance that if the root user in one zone requests a PAG or sets the groups just right, they could somehow manage to look like they are a member of a PAG from another zone?
Yes. OpenAFS is not aware of zones at all, so the PAG namespace ends up being global rather than per-zone. So not only can root from one zone steal a PAG from another, but PAG-less users in different zones but with the same uid will share tokens.
-- Jeff _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
