[OpenAFS] OpenAFS on Linux 2.5.x
Neulinger, Nathan
nneul@umr.edu
Thu, 17 Apr 2003 13:58:02 -0500
Exactly. And I use this all the time on our linux boxes in conjunction
with kdump -users to clean up token accumulation. Possibly don't need it
any more, but I know there wasn't garbage collection at some point, or
it wasn't enabled. I do something similar on HP, though it it less
accurate due to not having /proc. (Only used on our two interactive
machines where it's ok to say "if you don't have a process owned by you,
you can't have tokens for your ptsid in the kernel".
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Chaskiel M Grundman [mailto:cg2v@andrew.cmu.edu]=20
> Sent: Thursday, April 17, 2003 1:55 PM
> To: OpenAFS-info@openafs.org
> Subject: Re: [OpenAFS] OpenAFS on Linux 2.5.x
>=20
>=20
> --On Thursday, April 17, 2003 14:38:36 -0400 Derek Atkins=20
> <warlord@MIT.EDU>
> wrote:
>=20
> > I do not think you want to be able to join an existing pag.=20
> That would
> > be a potential security violation. One of the benefits of=20
> PAGs is that
> > even 'root' can't just join one (without additional kernel=20
> hacking)...
> No kernel hacking required. if you setgroups a list that=20
> includes magic pag
> groups at the end, you can join any pag you want (setgroups=20
> is root only,
> of course)
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>=20