[OpenAFS] Features great and small
Derrick J Brashear
shadow@dementia.org
Mon, 30 Jul 2001 11:56:26 -0400 (EDT)
On Mon, 30 Jul 2001, Charles Karney wrote:
> * kas should take the password from the terminal not from stdin, this would
> allow
>
> kas -admin admin < file
> Administrator's (admin) Password:
>
> to be used to issue multiple kas commands safely. Currently it uses the
> first line in the file as the password! For obvious reasons I don't want
> to use
>
> kas -admin admin -password xxxx
given that people may script it the other way we have to be careful about
this change as it is in fact an incompatiblity (though perhaps a
desireable one)
> kas create ... -copy_password admin
>
> to allow the password to be copied from the administrator's account so
> that the adminitstrator and the user can jointly use kpasswd to update
> the password at a later time.
if it's a joint operation, why can't the admin just run kas change for the
user to change it later?
> * uss has an unnecessary eight-character limit on user names. I only know
> about this for the Transarc version. In fact, I find the whole uss
> mechanism to be rather clumsy, and have since started using my own scripts
> to set up accounts.
ours is unchanged
> * The default password for "uss add" should be disabled, not the string
> "changeme". (What were the coders of uss thinking about?)
the internet was a different place when AFS was designed
> * It's frequently necessary to change the ACL on a whole directory tree and
>
> find . -noleaf -type d -print0 | xargs -0r fs sa -acl NEWACL -dir
>
> is rather a mouthful. How about
>
> fs setacl -dir dir+ -acl acl+ -recursive [-onevolume]
is
ws dirpath -d "fs sa %f system:anyuser rl someuser write"
reasonable? i should see what the license on ws (walk subtree) is