[OpenAFS] OpenAFS and Solaris 10 Zones
Douglas E. Engert
deengert@anl.gov
Thu, 05 May 2005 14:25:17 -0500
Chris Huebsch wrote:
> On Wed, 4 May 2005, Matthew Weigel wrote:
>
>> If I'm understanding you correctly, that would be a great big
>>
>> "WARNING! DO NOT RUN OPENAFS ON A MULTI-ZONE SYSTEM (for now)"
>>
>> kind of thing?
>
That is what is sounds like, with out some AFS zone mods.
>
> I depends, from what I know about zones, they are like virtual
> host-systems. When one has a user-management which is unified over all
> zones, that doesn't seem to be a problem at all. So if two distinct
> persons have different uids in all zones, a mixup of priviledges should
> not occur.
But if I understand zones if a user in one zone has root in that zone he
could use any UID and in effect use the APG or tokens from users in other
zones.
One of the reasons for zones is to give a user root in a zone, when
you would not give the same user root on a normal machine.
>
>
> Chris
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444