[OpenAFS] Questions about AFS security
Derrick J Brashear
shadow@dementia.org
Sun, 20 Jan 2002 20:37:08 -0500 (EST)
On Sun, 20 Jan 2002, Charles Clancy wrote:
> Looks like your editor mutilated your message. I think I get the idea,
> though.
>
> I tested the following as a member of system:administrators:
Did you also take that user out of UserLists?
> addsite add a replication site
> backup make backup of a volume
> create create a new volume
> dump dump a volume
> release release a volume
> remove delete a volume
> remsite remove a replication site
> rename rename a volume
> restore restore a volume
>
> and was able to do all of them without any 'access denied' errors. I took
> that sampling to mean all vos commands worked. Which ones don't?
Create for instance checks the vlserver list in VL_CreateEntry and the
volserver does the same in VolCreateVolume (look for calls to
afsconf_SuperUser)
-D