[OpenAFS] "vos dump" authorization based on "bos adduser"?

Adam Megacz megacz@cs.berkeley.edu
Tue, 05 Jun 2007 10:03:23 -0700

I understand why all of the bos operations are checked against a
separate authorization list (bos adduser) rather than membership in
system:administrators -- the ptserver might be down and you need to
use bos to get it back up.

However, it seems that the volserver bases "vos dump" permission on
whether or not a user's key is in the "bos adduser" list rather than
whether or not they are in system:administrators.  Is there a reason
for this?

Actually, now that I think about it, if all the ptserver instances are
down, how would an admin be able to aklog (in order to run bos commands)?

  - a

PGP/GPG: 5C9F F366 C9CF 2145 E770  B1B8 EFB1 462D A146 C380