[OpenAFS] Directory layout for new cells

Derrick J Brashear shadow@dementia.org
Thu, 16 Nov 2000 16:17:58 -0500

--On Thursday, November 16, 2000 04:09:50 PM -0500 Sam Hartman 
<hartmans@mit.edu> wrote:

>>>>>> "Derrick" == Derrick J Brashear <shadow@dementia.org> writes:
>     Derrick> --On Thursday, November 16, 2000 03:29:19 PM -0500 Sam
>     Derrick> Hartman <hartmans@MIT.EDU> wrote:
>     >> All you need to avoid ever using noauth is a tool to construct
>     >> a prdb and to modify it if things get broken.  MIT has such a
>     >> tool.  Sadly, it is designed to build against AFS 3.2.  Gary
>     >> Zacheiss has been trying to port to OpenAFS but is running into
>     >> some trouble.  I suspect he will eventually succeed.
>     Derrick> I heard a proposal that ptserver honor UserList when
>     Derrick> system:administrators has no members, which could also
>     Derrick> deal with this.
> This mostly works although I'd actually want an option to drop it into
> this mode in case say some cracker gets into the cell and then removes
> existing s:a members while adding himself.
> Where should I look if I want to try and implement this?

IIRC there are calls like:

isadmin = pr_noAuth || IsAMemberOf (mumble, frotz, SYSADMINID);

which presumably would need to be made into a function call instead (with 
at least mumble, frotz, and pr_noAuth as arguments) to add a check against 
UserList so it can be done in one place. But I'd have to look to be sure.

> assume I'd need to remove the logic that prevents database rebuilding
> if noauth is not true; will there be any harmful effects from this?

Since the header also needs to be zeroed it shouldn't be a problem.
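
A sketch of the single-function admin check discussed in this thread, with the UserList fallback for an empty system:administrators and the operator-forced mode; it is an added example, not part of the original message and not OpenAFS code. The struct, function names, option name and sample users are all hypothetical, and the cell states are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not OpenAFS source; every name here is illustrative. */
struct admin_ctx {
    bool noauth;                    /* server running with noauth */
    bool force_userlist;            /* operator-set recovery option */
    const char *const *sysadmins;   /* members of system:administrators */
    const char *const *userlist;    /* entries in the server's UserList */
    size_t n_sysadmins, n_userlist;
};

static bool in_list(const char *const *list, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], name) == 0)
            return true;
    return false;
}

/* One decision point instead of repeated "noauth || member of s:a" tests. */
bool caller_is_admin(const struct admin_ctx *ctx, const char *caller)
{
    if (ctx->noauth)
        return true;
    if (caller == NULL)
        return false;
    if (in_list(ctx->sysadmins, ctx->n_sysadmins, caller))
        return true;
    /* Honor UserList when the group is empty, or when the operator forces
     * it because the group's membership can no longer be trusted. */
    if (ctx->n_sysadmins == 0 || ctx->force_userlist)
        return in_list(ctx->userlist, ctx->n_userlist, caller);
    return false;
}

/* Constructed sample states of a cell. */
static const char *const USERLIST[] = { "opsadmin" };
static const char *const TAMPERED[] = { "intruder" };
const struct admin_ctx CTX_EMPTY    = { false, false, NULL, USERLIST, 0, 1 };
const struct admin_ctx CTX_TAMPERED = { false, false, TAMPERED, USERLIST, 1, 1 };
const struct admin_ctx CTX_FORCED   = { false, true,  TAMPERED, USERLIST, 1, 1 };
const struct admin_ctx CTX_NOAUTH   = { true,  false, NULL, NULL, 0, 0 };

int main(void)
{
    return caller_is_admin(&CTX_FORCED, "opsadmin") ? 0 : 1;
}
```

CTX_TAMPERED is the case raised in the quoted reply: the group is not empty, so the empty-group rule alone never fires and the UserList entry is only honored once the forced option is set. This sketch keeps honoring system:administrators in forced mode; the thread does not settle that.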