[OpenAFS] Re: "vos dump" authorization based on "bos adduser"?

Christopher D. Clausen cclausen@acm.org
Fri, 8 Jun 2007 05:22:35 -0500

Adam Megacz <megacz@cs.berkeley.edu> wrote:
> Derrick J Brashear <shadow@dementia.org> writes:
>>>>>> -localauth. (but aklog doesn't *require* ptserver; see afslog)
>>>> bosserver can't depend on ptserver..
>>> you indicate above that "-localauth" should be used in situations
>>> where bosserver must be used without any running ptservers?
>> That's bos. i said "bosserver can't depend on ptserver".
> Ok, point taken.  Still,
>> How does the bosserver decide you're eligible if there's no ptserver?
> Okay, take 2: first, bosserver checks the request to see if it was
> directly signed with the KeyFile (ie you invoked bos with -localauth).
> Since it has the KeyFile, it should be able to do this without the
> help of ptserver.  If this is the case, it permits your request.  If
> not, it tries to contact ptserver.  If it is unable to contact the
> ptserver, it rejects your request.

So how would I issue bos shutdown for an entire cell, and then bos 
startup?  Logon to one of the AFS servers so that I have access to the 
KeyFile?  This isn't ideal in certain situations.

> Is your concern that in the all-ptservers-are-down case, this leaves a
> thread/lwp on the bosserver waiting for a reply from the ptserver?  I
> guess I can appreciate that that is sort of inelegant, but aren't
> there lots of places where stuff like this happens in the server code?

Well, one often uses the bos command to stop all AFS server instances 
except bosserver.  Bos restart, bos shutdown, bos startup, etc. 
Sometimes these commands are issued remotely and the KeyFile is usually 
only on the AFS servers themselves for security reasons.

Besides, sometimes having a seperate UserList is a good thing and one 
can restrict certain operations by placing a user in either 
system:administrators or the UserList, but not both.  Or in the UserList 
on some servers and not others.

Where are there other places where this happens in the server code?

> Somewhat related: is it possible to run a dbserver+fileserver using
> something like runit instead of bosserver?

Yes, as per: