IMHO this is a security issue! This should not *never* happen, because it
poses a threat to unexperienced users and during updates of the client.
Ok, but.
The same mechanism is applied to CellServDB!
We maintain our CellServDB ourself for several reasons. This startup script
mangles our configuration and interferes with our scripts. Even if I remove
CellServDB.dist and CellServDB.local (which is empty), my CellServDB
(maintained by cfengine, and on some older systems by a cronjob) is
overwritten:
Most people don't have their own, and so instead we'll get people for whom
CellServDB never updates. Unless you can offer a solution to that, you'll
get no traction.
The script should test for existing configuration files. Modifying CellServDB
and SuidCells should be a configuration option in /etc/default/openafs that
is switched off by default.
SuidCells I buy. CellServDB, nope, try again. Like, for all the sites
which already have the global CellServDB, unless they opt in, they'll
never get an update again. That's unacceptable.
Derrick
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
