[OpenAFS] "vos dump" authorization based on "bos adduser"?
Ken Hornstein
kenh@cmf.nrl.navy.mil
Tue, 05 Jun 2007 13:28:53 -0400
>However, it seems that the volserver bases "vos dump" permission on
>whether or not a user's key is in the "bos adduser" list rather than
>whether or not they are in system:administrators. Is there a reason
>for this?
I always assumed that was because the volserver doesn't normally need to
talk to the ptserver to look up group membership, so they didn't want
to add a ptserver dependency to the volserver.
>Actually, now that I think about it, if all the ptserver instances are
>down, how would an admin be able to aklog (in order to run bos commands)?
You don't actually need the ptserver up to run aklog (check out the
-noprdb flag).
--Ken