[OpenAFS-devel] Re: Re: root via openafs?
Adrián Etchevarne
adrian.etchevarne@gmail.com
Fri, 27 Jun 2008 15:12:04 -0300
Davor Ocelic wrote:
> On Thu, 26 Jun 2008 12:18:10 -0300
> Adrián Etchevarne <adrian.etchevarne@gmail.com> wrote:
>
>> Dean Anderson wrote:
>>
>> > The problem is that afs sites expect to be mounted
>> > at /afs/sitename/. But pivot_root usually takes an inode/vnode, if
>> > I recall. Once you have afs going, you should be able to pivot into
>> > anything that has public permissions.
>> >
>> One important reason is that you have only one operating system to
>> manage and one point less of workstation failure. I have an
>> installation of 50+ machines, booting linux from network. They
>> mount / from nfs, but /usr, /home and /opt are from afs and disks are
>> optional.
>> .....
>> The next step is to get rid of nfs, using an initrd, but instead
>> of using pivot_root, using mount --bind to mount the other
>> subdirectories, including /bin and /sbin.
>
> How did you deal with per-file permissions?
>
Afs ignores most parts of file permissions, so:
- /dev is managed dynamically by udev in a tmpfs (so file permissions and
  owners are respected)
- /tmp, /var/run, /var/lock and similar are also in tmpfs
- logs are managed by a central syslog (syslog-ng) by udp
- /etc may be the most sensitive part of the filesystem, but in the
  workstations there are no servers that may have secrets.
- /home is protected by afs access lists and not by unix permissions (this
  fact confuses some students, it is not a great deal)
Greetings
Adrián.