[OpenAFS] Questions about AFS security

Derrick J Brashear shadow@dementia.org
Sun, 20 Jan 2002 20:37:08 -0500 (EST)


On Sun, 20 Jan 2002, Charles Clancy wrote:

> Looks like your editor mutilated your message.  I think I get the idea,
> though.
> 
> I tested the following as a member of system:administrators:

Did you also take that user out of UserLists?

> addsite         add a replication site
> backup          make backup of a volume
> create          create a new volume
> dump            dump a volume
> release         release a volume
> remove          delete a volume
> remsite         remove a replication site
> rename          rename a volume
> restore         restore a volume
> 
> and was able to do all of them without any 'access denied' errors.  I took
> that sampling to mean all vos commands worked.  Which ones don't?

Create for instance checks the vlserver list in VL_CreateEntry and the
volserver does the same in VolCreateVolume (look for calls to
afsconf_SuperUser)

-D