The RPM will combine /usr/vice/etc/CellServDB.local with
/usr/vice/etc/CellServDB.dist into /usr/vice/etc/CellServDB.
If you have local changes you want to make to the CellServDB
then put them into CellServDB.local and the RPM will include
them in the new CellServDB. This is done at every 'start'
(or at least checked).
SuidCells is handled the same way.
-derek
Quoting Derrick J Brashear <[EMAIL PROTECTED]>:
IMHO this is a security issue! This should not *never* happen,
because it poses a threat to unexperienced users and during updates
of the client.
Ok, but.
The same mechanism is applied to CellServDB!
We maintain our CellServDB ourself for several reasons. This startup
script mangles our configuration and interferes with our scripts.
Even if I remove CellServDB.dist and CellServDB.local (which is
empty), my CellServDB (maintained by cfengine, and on some older
systems by a cronjob) is overwritten:
Most people don't have their own, and so instead we'll get people for
whom CellServDB never updates. Unless you can offer a solution to
that, you'll get no traction.
The script should test for existing configuration files. Modifying
CellServDB and SuidCells should be a configuration option in
/etc/default/openafs that is switched off by default.
SuidCells I buy. CellServDB, nope, try again. Like, for all the sites
which already have the global CellServDB, unless they opt in, they'll
never get an update again. That's unacceptable.
Derrick
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
