[OpenAFS-devel] New subcommand for pts

Sven Oehme oehmes@de.ibm.com
Tue, 15 Feb 2005 21:43:34 +0100


This is a multipart message in MIME format.
--=_alternative 0071CF47C1256FA9_=
Content-Type: text/plain; charset="US-ASCII"

Jeffrey Hutzelman <jhutz@cmu.edu> wrote on 14/02/2005 21:50:03:

> 
> 
> On Monday, February 14, 2005 08:02:27 PM +0100 Sven Oehme 
> <oehmes@de.ibm.com> wrote:
> 
> > Hello,
> >
> > we have introduced a new subcommand for pts  ..
> >
> > it adds and removes a user to or from a list of given groups with one
> > command.
> > if the user doesn't exist, he creates the user and adds him into the
> > necessary groups .
> >
> > see some examples :
> >
> > localhost# pts help setgroups
> >
> > pts setgroups: Set a user into a fixed list of groups
> >
> > Usage: pts setgroups -user <user name>+ -group <group name>+ [-cell
> > <cell name>] [-noauth] [-force] [-help]
> > Where: -noauth  run unauthenticated
> >        -force   Continue oper despite reasonable errors
> 
> This isn't really a basic operation, and given that the AFS architecture 

> allows users to create and manage theor own groups, I wouldn't expect it 
to 
> be a common operation, either.

yes and no, if you have to manage a huge amount of Users, because you have 
a central 
administration for a very huge cell, this is something you need.

> 
> It can't be done atomically, because the ptserver only provides 
interfaces 
> to add or remove a single group membership for a single user at a time.
> 
> Why does it belong in 'pts', instead of in a script?

yes that's true , and this is our problem, we have to fork a binary , 
authenticate, .... for each add or remove. 
this takes to long in a script and we have run time problems updating a 
big number of changes in a bulk within a given time.
i think this is a function which makes live easier for admins in a big 
environment 

> 
> -- Jeff

Sven
-------------------------------------------------------------------------------------------------------------------------
Dept. A153,  STG/ISC EMEA AIS Strategy and Architecture
Development Leader Stonehenge 
IBM intranet ---> http://w3.ais.mainz.de.ibm.com/stonehenge/
internet ---> http://www-5.ibm.com/services/de/storage/stonehenge.html
Phone (+49)-6131-84-3151
Fax      (+49)-6131-84-6708
Mobil   (+49)-171-970-6664
E-Mail : oehmes@de.ibm.com

--=_alternative 0071CF47C1256FA9_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2><tt>Jeffrey Hutzelman &lt;jhutz@cmu.edu&gt; wrote on 14/02/2005
21:50:03:<br>
<br>
&gt; <br>
&gt; <br>
&gt; On Monday, February 14, 2005 08:02:27 PM +0100 Sven Oehme <br>
&gt; &lt;oehmes@de.ibm.com&gt; wrote:<br>
&gt; <br>
&gt; &gt; Hello,<br>
&gt; &gt;<br>
&gt; &gt; we have introduced a new subcommand for pts &nbsp;..<br>
&gt; &gt;<br>
&gt; &gt; it adds and removes a user to or from a list of given groups
with one<br>
&gt; &gt; command.<br>
&gt; &gt; if the user doesn't exist, he creates the user and adds him into
the<br>
&gt; &gt; necessary groups .<br>
&gt; &gt;<br>
&gt; &gt; see some examples :<br>
&gt; &gt;<br>
&gt; &gt; localhost# pts help setgroups<br>
&gt; &gt;<br>
&gt; &gt; pts setgroups: Set a user into a fixed list of groups<br>
&gt; &gt;<br>
&gt; &gt; Usage: pts setgroups -user &lt;user name&gt;+ -group &lt;group
name&gt;+ [-cell<br>
&gt; &gt; &lt;cell name&gt;] [-noauth] [-force] [-help]<br>
&gt; &gt; Where: -noauth &nbsp;run unauthenticated<br>
&gt; &gt; &nbsp; &nbsp; &nbsp; &nbsp;-force &nbsp; Continue oper despite
reasonable errors<br>
&gt; <br>
&gt; This isn't really a basic operation, and given that the AFS architecture
<br>
&gt; allows users to create and manage theor own groups, I wouldn't expect
it to <br>
&gt; be a common operation, either.<br>
</tt></font>
<br><font size=2><tt>yes and no, if you have to manage a huge amount of
Users, because you have a central </tt></font>
<br><font size=2><tt>administration for a very huge cell, this is something
you need.</tt></font>
<br>
<br><font size=2><tt>&gt; <br>
&gt; It can't be done atomically, because the ptserver only provides interfaces
<br>
&gt; to add or remove a single group membership for a single user at a
time.<br>
&gt; </tt></font>
<br><font size=2><tt>&gt; Why does it belong in 'pts', instead of in a
script?<br>
</tt></font>
<br><font size=2><tt>yes that's true , and this is our problem, we have
to fork a binary , authenticate, .... for each add or remove. </tt></font>
<br><font size=2><tt>this takes to long in a script and we have run time
problems updating a big number of changes in a bulk within a given time.</tt></font>
<br><font size=2><tt>i think this is a function which makes live easier
for admins in a big environment </tt></font>
<br>
<br><font size=2><tt>&gt; <br>
&gt; -- Jeff<br>
</tt></font>
<br><font size=2 face="sans-serif">Sven<br>
-------------------------------------------------------------------------------------------------------------------------<br>
Dept. A153, &nbsp;STG/ISC EMEA AIS Strategy and Architecture<br>
Development Leader Stonehenge <br>
IBM intranet ---&gt; http://w3.ais.mainz.de.ibm.com/stonehenge/<br>
internet ---&gt; http://www-5.ibm.com/services/de/storage/stonehenge.html<br>
Phone (+49)-6131-84-3151<br>
Fax &nbsp; &nbsp; &nbsp;(+49)-6131-84-6708<br>
Mobil &nbsp; (+49)-171-970-6664<br>
E-Mail : oehmes@de.ibm.com</font>
<br>
--=_alternative 0071CF47C1256FA9_=--