[OpenAFS] uid 0 in AFS

Charles Clancy security@xauth.net
Tue, 26 Nov 2002 19:21:07 -0600 (CST)


> > > how can I create files with the uid 0?
> >
> > $ klog admin
> > $ chown root filename
> >
> > The fix is of course "fs setcell -nosetuid", but that could possibly cause
> > other problems, depending on what you're distributing over AFS.
>
> I thought that is what /usr/vice/etc/SuidCells is for - just make it
> empty and suid binaries are a problem of the past.

Let me correct myself: s/nosetuid/nosuid/

We're really talking about the same thing.  From what I understand (and
someone please correct me if I'm wrong), "fs setcell" would have to be run
every time you (re)start the client.  The SuidCells automates that.

Without that file, ThisCell is still setuid, and all others are not.  You
have to know to touch that file if you want the nosetuid behavior.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
[ crypto ]---[ coordinated science lab ]---[ university of illinois ]
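
The SuidCells rule as described in this thread, written out as a small audit helper. This is an added example, not part of the original message or of OpenAFS. It assumes SuidCells holds one cell name per line, and the function names `expected_suid` and `report` are hypothetical.

```shell
#!/bin/sh
# Added example: models the rule as stated in the thread above.
#   - SuidCells present (even empty): only the cells listed in it keep setuid
#   - SuidCells absent: only the cell named in ThisCell keeps setuid
# Assumption: SuidCells contains one cell name per line.

# expected_suid CONFDIR CELL -> prints "setuid" or "nosuid"
expected_suid() {
    confdir=$1
    cell=$2
    if [ -f "$confdir/SuidCells" ]; then
        # Strip stray whitespace, then require an exact whole-line match.
        if tr -d ' \t\r' < "$confdir/SuidCells" | grep -Fxq -- "$cell"; then
            echo setuid
        else
            echo nosuid
        fi
    elif [ -f "$confdir/ThisCell" ] &&
         [ "$(tr -d ' \t\r\n' < "$confdir/ThisCell")" = "$cell" ]; then
        # No SuidCells file: the local cell is the only one left setuid.
        echo setuid
    else
        echo nosuid
    fi
}

# report CONFDIR CELL... -> one "cell policy" line per cell
report() {
    confdir=$1
    shift
    for cell in "$@"; do
        printf '%s %s\n' "$cell" "$(expected_suid "$confdir" "$cell")"
    done
}

# Usage: sh suidcells-audit.sh /usr/vice/etc cell1 [cell2 ...]
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

The result is what the configuration files imply under the rule above; `fs getcellstatus` shows what the running client actually enforces, so any mismatch between the two is worth investigating.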