[OpenAFS] Setting the setacl on newly created volumes

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 24 Jul 2001 01:34:49 -0400 (EDT) 

On Fri, 20 Jul 2001, Charles Karney wrote:

> To get around this, I would propose one or both of the following extensions
> to "vos create"
> 
> Allow an initial ACL to be specified when a volume is created, e.g.,
> 
>     vos create server a user.jsmith -max 100000 -acl jsmith all -local
>
> Alternatively let the owner be specified with
> 
>     vos create server a user.jsmith -max 100000 -owner jsmith -local

Either of these are hard, but not impossible.  They will require a new
variant of the AFSVolCreateVolume RPC, allowing the owner and/or initial
ACL to be specified.  They will also require vos or the volserver to
perform PTS lookups, which in turn means additional dependencies during
the build and when setting up a new cell.  ACL-parsing introduces some
additional work, in the form of parsing the ACL on the command line and
producing some suitable structure for use over the wire (FWIW, the
existing 'fs sa' command does _not_ do any of this -- ACL's are sent to
the fileserver in a mostly-text format, and it handles all the name
lookups as well as conversion to the format actually used on disk). 

> By the way, the AFS documentation is coy about exactly what the "owner" (as
> given by ls -ld) is all about.

The owner of a directory appears as its UNIX owner, and has implicit 'a'
rights on the directory.  The owner of a volume is the same as the owner
of its top-level directory, and has implicit 'a' rights on every directory
in the volume. 

> I think the following is true:
> 
> * the owner has implicit "a" rights on a directory

True.

> * the only way to change the owner is to be BOTH Unix root AND a member of
>   system:administrators

False.  To change the owner of a file in AFS, you must be a member of the
system:administrators group.  Some UNIX clients will require that you also
be root; generally this is true only of archaic platforms that perform
this check in the VFS layer instead of letting the filesystem do it.

> * the owner of a file determines Unix privs when a setuid program is run in
>   a setuid cell.

Yes; the owner of a setuid executable is the euid that will be used when
that file is executed; similarly, the group of a setgid executable is the
egid that will be used.  To set the setuid or setgid bit on a file in AFS,
you must be a member of system:administrators.

> It this right?  Are there any other places that AFS uses the owner?  Is
> there an need for an entry in the /etc/passwd file?

That's pretty much it.  AFS itself has no dependency on the /etc/passwd
file, though many sites use the convention that a user's Unix UID and AFS
ID are always the same. 

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA