[OpenAFS] chroot'd services accessing AFS
Charles Clancy
security@ismene.csl.uiuc.edu
Thu, 28 Feb 2002 10:13:56 -0600 (CST)
At one point, I wanted to configure the standard Solaris ftpd to allow
anonymous FTP access to files in AFS space. My first attempt was to set
the ftpd user's home directory to /afs/cell/ftpd. I properly mknod'd the
devices in /afs/cell/ftpd/dev, and got the sundry /afs/cell/ftpd/etc files
in place. The setup, however, didn't work.
My question: Could it have worked? How does the AFS client react to a
chroot? If AFS doesn't support FIFOs, how does it react to block and
character devices?
I once encountered a system with a cacheinfo similar to:
/ftpd/afs:/usr/vice/cache:500000
with symlink: /afs -> /ftpd/afs
This *did* work, which leads me to believe the client would still work.
However, in this case, the device entries were mknod'd onto a standard UFS
file system. Also, did one used to be able to specify the volume name to
use as root.cell in the cacheinfo file?
Is it possible to have more than one mountpoint on the client for "/afs",
to facilitate multiple chroot'd services?
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy