I wrote an afs sudo kind of thing around 2003 or so mainly intended to replace the adm stuff that ceased working after a server upgrade. It mostly handles vos releases for end-users but definitely not limited to that.

Aside from "sudo" in the name and the fact that it handles elevated privs, it doesn't behave like sudo with configurable token time-out, etc. It runs as a daemon process on a host under a user that does have admin access. The client side then contacts this server where they do a challenge/response sort of thing first over the TCP port (for the challenge) and then through a spool dir (for the response), which proves through AFS who the user is. So, it just relies on the user having a token in the first place.

The user is then permitted to run scripts from out of a controlled path so long as they're in a pts group named after the script, or it finds a script suffixed with "-anyuser".

Yeah, the auth is definitely a kluge and can't do anything kas related, but it works for the ~500 requests/day it gets. Not sure how ready the code is for public consumption, though. ;)

-Ducky

On 12/17/2010 06:29 AM, John Tang Boyland wrote:
Does anyone know of a "sudo" like command for AFS admin commands?
        admindo vos release pkg.foo
It would be nice, but not essential to have the token stick around
for 5 minutes in case you need to do another admindo soon afterwards.

Regards,
John
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
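
The authorization rule described in the reply above (scripts from a controlled path, gated by a pts group named after the script or opened by an "-anyuser" suffix), as an added sketch that is not the tool's own code, which does not appear on this page. The names `authorize`, `make_demo_dir` and `user_groups` are hypothetical; the caller's group set is assumed to have been looked up already, after the challenge/response has established who the user is.

```python
import os
import tempfile

ANYUSER_SUFFIX = "-anyuser"  # suffix named in the post


def authorize(script_dir, requested, user_groups):
    """Return the real path of the script the caller may run, or None."""
    # Accept a bare file name only: no separators, no "." or "..".
    if requested != os.path.basename(requested) or requested in ("", ".", ".."):
        return None
    root = os.path.realpath(script_dir)
    candidates = [
        (requested + ANYUSER_SUFFIX, True),      # open to any authenticated user
        (requested, requested in user_groups),   # group named after the script
    ]
    for name, allowed in candidates:
        path = os.path.realpath(os.path.join(root, name))
        # After symlink resolution the file must still sit directly in root.
        inside = os.path.dirname(path) == root
        if allowed and inside and os.path.isfile(path) and os.access(path, os.X_OK):
            return path
    return None


def make_demo_dir():
    """Build a constructed script directory for the demo; returns its path."""
    base = tempfile.mkdtemp()
    scripts = os.path.join(base, "scripts")
    os.mkdir(scripts)
    outside = os.path.join(base, "outside.sh")
    for path in (os.path.join(scripts, "vosrelease"),
                 os.path.join(scripts, "whoami" + ANYUSER_SUFFIX),
                 outside):
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, 0o755)
    # A symlink that points out of the controlled path must never be run.
    os.symlink(outside, os.path.join(scripts, "escape"))
    return scripts


if __name__ == "__main__":
    d = make_demo_dir()
    print(authorize(d, "vosrelease", {"vosrelease"}))  # member of the group
    print(authorize(d, "vosrelease", set()))           # not a member
    print(authorize(d, "whoami", set()))               # -anyuser script
    print(authorize(d, "escape", {"escape"}))          # symlink out of the dir
```

Because the daemon runs with admin access, the script directory itself has to be writable only by administrators, otherwise the group check protects nothing.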