[OpenAFS] AFS version of sudo for admin ?

John Tang Boyland boyland@cs.uwm.edu
Fri, 17 Dec 2010 10:20:26 -0600

Anders Magnusson <ragge@ltu.se> wrote:
] John Tang Boyland wrote:
] > Does anyone know of a "sudo" like command for AFS admin commands?
] > 	admindo vos release pkg.foo
] > It would be nice, but not essential to have the token stick around
] > for 5 minutes in case you need to do another admindo soon afterwards.
] >   
] Make a simple script (heimdal):
] #!/bin/sh
] kinit $USER/admin $*
] If you want the ccache to stay around for a while then do something more 
] clever like:
] #!/bin/sh
] export KRB5CCNAME=/tmp/aksu.$USER
] if klist -t ; then
]     /usr/bin/pagsh -c "aklog; $*"
] else
]     kinit -l 300 $USER/admin $*
] fi
] -- Ragge

Thanks.  I don't have Heimdahl (still using MIT) and I
have an old /bin/sh, But I was able to modify your script
as follows:

if klist -s ; then
    echo "(Reusing token)"
    kinit -l 300 $USER/admin
pagsh -c "aklog; $*"

Here's a sample session:
pabst.cs 270 % ./admindo vos release pkg.twelf
Password for boyland/admin@CS.UWM.EDU:
Released volume pkg.twelf successfully
pabst.cs 271 % vos release pkg.twelf
Could not lock the VLDB entry for the volume 536874088.
VLDB: no permission access for call
Error in vos release command.
VLDB: no permission access for call
pabst.cs 272 % ./admindo vos release pkg.twelf
(Reusing token)
Released volume pkg.twelf successfully
pabst.cs 273 %

And yes, the token times out after five minutes.

Thanks everyone,