[OpenAFS] "vos dump" authorization based on "bos adduser"?
Derrick J Brashear
shadow@dementia.org
Tue, 5 Jun 2007 13:49:05 -0400 (EDT)
On Tue, 5 Jun 2007, Adam Megacz wrote:
>
> I understand why all of the bos operations are checked against a
> separate authorization list (bos adduser) rather than membership in
> system:administrators -- the ptserver might be down and you need to
> use bos to get it back up.
>
> However, it seems that the volserver bases "vos dump" permission on
> whether or not a user's key is in the "bos adduser" list rather than
> whether or not they are in system:administrators. Is there a reason
> for this?
You can have servers with a more limited set of admins.
> Actually, now that I think about it, if all the ptserver instances are
> down, how would an admin be able to aklog (in order to run bos commands)?
-localauth. (but aklog doesn't *require* ptserver; see afslog)