[OpenAFS] AFS version of sudo for admin ?
Dirk Heinrichs
dirk.heinrichs@altum.de
Fri, 17 Dec 2010 20:16:52 +0100
On Friday, 17 December 2010, at 15:29:41, John Tang Boyland wrote:
> Does anyone know of a "sudo" like command for AFS admin commands?
Errh, what about sudo?
You could create a special Kerberos principal with a random key ("scripts"),
which is stored in a keytab ("/etc/scripts.keytab"). Also make it an AFS user
and put it into system:administrators.
Put the following commands at the beginning of your script:
    export KRB5CCNAME=/tmp/krb5cc_scripts
    kinit -k -t /etc/scripts.keytab scripts
    aklog
and these ones at the end:
    unlog
    kdestroy
The rest is configuring sudo properly so that only selected users can execute
the script.
HTH...
Dirk
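
Added example, not part of Dirk's message: the wrapper described above written as one function, using a per-run credential cache from mktemp and dropping tokens and tickets even when the wrapped command fails. The function name run_as_afs_admin, the install path and the "afsops" group are hypothetical; the principal and keytab path are the ones from the message.

```shell
#!/bin/sh
# Added example, not from the original post. The "scripts" principal and
# /etc/scripts.keytab are the post's names; run_as_afs_admin, the install
# path and the "afsops" group are hypothetical.
#
# sudoers entry (edit with visudo) limiting who may run the installed script:
#   %afsops ALL = (root) /usr/local/sbin/afs-admin-task

KEYTAB=/etc/scripts.keytab    # should be root-owned, mode 0600
PRINCIPAL=scripts

# Run "$@" with admin tokens, then always drop tokens and tickets.
# The body is a subshell: KRB5CCNAME and the traps never reach the caller.
run_as_afs_admin() (
    set +e    # handle failures explicitly so cleanup is never skipped
    # Per-run cache file (mktemp creates it mode 0600) instead of a fixed,
    # predictable name in world-writable /tmp shared by parallel runs.
    cc=$(mktemp "${TMPDIR:-/tmp}/krb5cc_scripts.XXXXXX") || exit 1
    KRB5CCNAME=$cc
    export KRB5CCNAME

    cleanup() {
        unlog       # discard the AFS tokens
        kdestroy    # destroy the Kerberos tickets
        rm -f "$cc"
    }
    trap 'cleanup; exit 130' HUP INT TERM

    if ! kinit -k -t "$KEYTAB" "$PRINCIPAL"; then
        echo "kinit failed for $PRINCIPAL" >&2
        rm -f "$cc"
        exit 1
    fi
    if ! aklog; then
        echo "aklog failed" >&2
        kdestroy
        rm -f "$cc"
        exit 1
    fi

    "$@"
    rc=$?
    cleanup
    exit "$rc"
)

# The installed script ends with one fixed task, never caller-supplied
# arguments, for example:
#   run_as_afs_admin pts membership system:administrators
```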