[OpenAFS] "vos dump" authorization based on "bos adduser"?

Derrick J Brashear shadow@dementia.org
Tue, 5 Jun 2007 13:49:05 -0400 (EDT)

On Tue, 5 Jun 2007, Adam Megacz wrote:

> I understand why all of the bos operations are checked against a
> separate authorization list (bos adduser) rather than membership in
> system:administrators -- the ptserver might be down and you need to
> use bos to get it back up.
> However, it seems that the volserver bases "vos dump" permission on
> whether or not a user's key is in the "bos adduser" list rather than
> whether or not they are in system:administrators.  Is there a reason
> for this?

You can have servers with a more limited set of admins.

> Actually, now that I think about it, if all the ptserver instances are
> down, how would an admin be able to aklog (in order to run bos commands)?

-localauth. (but aklog doesn't *require* ptserver; see afslog)