Hi, On Fri, Jun 08, 2007 at 03:23:48PM -0500, Christopher D. Clausen wrote: > Adam Megacz <[EMAIL PROTECTED]> wrote: > > "Christopher D. Clausen" <[EMAIL PROTECTED]> writes: > >> So how would I issue bos shutdown for an entire cell, and then bos > >> startup? > > > > I guess that's the only case where this is a problem. But how often > > does somebody without login access to any of the fileservers shut down > > an entire cell (for that matter, how often does anybody ever shut down > > an entire cell)? > > > >> Logon to one of the AFS servers so that I have access to the > >> KeyFile? This isn't ideal in certain situations. > > > > If you are on the UserList, can't you (ab)use "bos exec" to steal the > > KeyFile anyways? > > There is a --enable-bos-restricted-mode configure option. I'm pretty > sure that it disables bos -exec. Maybe someone can specify what exactly > bos restricted mode enables or disables?
I found this (german) page about that topic: http://archiv.tu-chemnitz.de/pub/2001/0097/data/bosserver1.html It basically says: -restricted mode disables "bos (exec|create|delete|install|uninstall)" -restricted mode rejects "bos getlog"-requests for filenames starting with "/" (hopefully this mode will check for '..'s in the path ;-) ) -to enable restricted mode either start bos with '-restricted' option or use 'bos setrestricted' -to disable restrited mode use 'killall -FPE bosserver' Regards, Frank _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
