[OpenAFS] eliminating non-ptserver authorization (was: "vos dump" authorization based on "bos adduser")

Frank Burkhardt fbo2@gmx.net
Mon, 11 Jun 2007 12:25:33 +0200


On Fri, Jun 08, 2007 at 03:23:48PM -0500, Christopher D. Clausen wrote:
> Adam Megacz <megacz@cs.berkeley.edu> wrote:
> > "Christopher D. Clausen" <cclausen@acm.org> writes:
> >> So how would I issue bos shutdown for an entire cell, and then bos
> >> startup?
> >
> > I guess that's the only case where this is a problem.  But how often
> > does somebody without login access to any of the fileservers shut down
> > an entire cell (for that matter, how often does anybody ever shut down
> > an entire cell)?
> >
> >> Logon to one of the AFS servers so that I have access to the
> >> KeyFile?  This isn't ideal in certain situations.
> >
> > If you are on the UserList, can't you (ab)use "bos exec" to steal the
> > KeyFile anyways?
> There is a --enable-bos-restricted-mode configure option.  I'm pretty 
> sure that it disables bos -exec.  Maybe someone can specify what exactly 
> bos restricted mode enables or disables?

I found this (German) page about that topic:


It basically says:

 - restricted mode disables "bos (exec|create|delete|install|uninstall)"
 - restricted mode rejects "bos getlog" requests for filenames starting with "/"
   (hopefully this mode will check for '..'s in the path ;-) )
 - to enable restricted mode, either start bos with the '-restricted' option or
   use 'bos setrestricted'
 - to disable restricted mode, use 'killall -FPE bosserver'
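
The two filename checks discussed in this message (a leading "/" and ".." in the path) can be done component by component. The following is an added example, not code from OpenAFS or from this post; the function name getlog_name_allowed and the length limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOGNAME_MAX 255   /* assumed limit for this example */

/* Hypothetical helper: true if `name` may be opened relative to the
 * server's log directory, false if it could escape that directory. */
bool getlog_name_allowed(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;                  /* empty request */
    if (strlen(name) > LOGNAME_MAX)
        return false;                  /* overlong name */
    if (name[0] == '/')
        return false;                  /* absolute path */

    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");  /* length of this path component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;              /* ".." component climbs a level */
        p += len;
        if (*p == '/')
            p++;                       /* step over the separator */
    }
    return true;
}

int main(void)
{
    /* Constructed sample requests, not taken from a real server. */
    const char *samples[] = {
        "FileLog", "/etc/passwd", "../KeyFile",
        "logs/../../KeyFile", "old..log", "a/.."
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s %s\n", samples[i],
               getlog_name_allowed(samples[i]) ? "allowed" : "rejected");
    return 0;
}
```

A substring search for ".." would also reject harmless names such as "old..log", which is why the check compares whole components.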