[OpenAFS] where to put NetRestrict?

Sergio Gelato Sergio.Gelato@astro.su.se
Mon, 17 Jan 2005 14:54:35 +0100


* Hagbard Celine [2005-01-17 13:51:48 +0100]:
> I thought too that /var/lib/openafs was the right guess, but it seems
> that Horst's suggestion to strace fileserver was wise.
> 
> In fact, from the strace:
> 
> open("/etc/openafs/server-local/NetRestrict", O_RDONLY) = -1 ENOENT (No such file or directory)
> 
> Maybe this is a thing that should be well documented :D

I thought so, too, but now I wonder... On my Debian 3.0 systems, running the
1.2.13 packages provided by Sam Hartman at openafs.org, the correct directory
is clearly /var/lib/openafs . (I ran "strings" on the executable, and
/etc/openafs/server-local is nowhere.) For good measure I have a copy of
the NetRestrict file in both places. 

Due to Debian's excessive reluctance to update the stable distribution with
new versions of packages, vanilla 3.0r4 still has version 1.2.3 of
openafs-fileserver (unchanged since 2002-08-03, and I think there have been
security updates since then -- not to mention the t=2^30 bug). My advice
has got to be: make sure you're not running that ancient version.

I would not be too surprised to learn that the 1.2.3 build did indeed use
/etc/openafs/server-local .

Now, it should never be necessary to list 127.0.0.1 in NetRestrict.
If it shows up in the first place, that probably means that either your
/etc/hosts or your /etc/openafs/server/CellServDB file is wrong.
(Speaking of which, if you're using openafs-* packages older than 1.2.6-1
you need to be careful which version of /usr/bin/host is installed on your
system. Once again: stay away from that old 1.2.3final2-6, especially for
new installations.)
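
Added example, not part of the original message: a small shell check for the two misconfigurations named above, run here on constructed sample files. It assumes "wrong" means the server's own name mapped to a 127.x.x.x address in the hosts file, or a loopback address listed as a server in CellServDB; the function names and sample hosts are hypothetical.

```shell
#!/bin/sh
# Added example: look for loopback addresses in the two files the message
# names. File paths are arguments, so the check can run on copies.

# Print each hosts-file line that maps NAME to a 127.x.x.x address.
hosts_loopback() {  # usage: hosts_loopback NAME HOSTS_FILE
    awk -v name="$1" '
        { sub(/#.*/, "") }                      # drop trailing comments
        $1 ~ /^127\./ {
            for (i = 2; i <= NF; i++)
                if ($i == name) { print "line " FNR ": " $1 " " name; break }
        }' "$2"
}

# Print each CellServDB server entry in 127.0.0.0/8, with its cell name.
cellservdb_loopback() {  # usage: cellservdb_loopback CELLSERVDB_FILE
    awk '
        /^>/ { cell = substr($1, 2); next }     # ">cell.name  #description"
        $1 ~ /^127\./ { print "line " FNR ": cell " cell " lists " $1 }
    ' "$1"
}

# Constructed sample input (not taken from the original message).
demo_dir=$(mktemp -d)
cat > "$demo_dir/hosts" <<'EOF'
127.0.0.1   localhost
127.0.1.1   afs1.example.org afs1   # server name bound to loopback
192.0.2.10  afs2.example.org afs2
EOF
cat > "$demo_dir/CellServDB" <<'EOF'
>example.org        #Constructed test cell
192.0.2.10          #afs2.example.org
127.0.0.1           #afs1.example.org
EOF

hosts_loopback afs1.example.org "$demo_dir/hosts"
cellservdb_loopback "$demo_dir/CellServDB"
```

On a real server the arguments would be the machine's host name, /etc/hosts and /etc/openafs/server/CellServDB; any output points at the line to correct instead of masking the address in NetRestrict.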