[OpenAFS] AFS version of sudo for admin ?
John Tang Boyland
boyland@cs.uwm.edu
Fri, 17 Dec 2010 10:20:26 -0600
Anders Magnusson <ragge@ltu.se> wrote:
] John Tang Boyland wrote:
] > Does anyone know of a "sudo" like command for AFS admin commands?
] > admindo vos release pkg.foo
] > It would be nice, but not essential to have the token stick around
] > for 5 minutes in case you need to do another admindo soon afterwards.
] >
] Make a simple script (heimdal):
]
] #!/bin/sh
] kinit $USER/admin $*
]
] If you want the ccache to stay around for a while then do something more
] clever like:
]
] #!/bin/sh
] export KRB5CCNAME=/tmp/aksu.$USER
] if klist -t ; then
] /usr/bin/pagsh -c "aklog; $*"
] else
] kinit -l 300 $USER/admin $*
] fi
]
] -- Ragge
Thanks. I don't have Heimdahl (still using MIT) and I
have an old /bin/sh, But I was able to modify your script
as follows:
#!/bin/sh
KRB5CCNAME=FILE:/tmp/aksu.$USER
export KRB5CCNAME
if klist -s ; then
echo "(Reusing token)"
else
kinit -l 300 $USER/admin
fi
pagsh -c "aklog; $*"
Here's a sample session:
pabst.cs 270 % ./admindo vos release pkg.twelf
Password for boyland/admin@CS.UWM.EDU:
Released volume pkg.twelf successfully
pabst.cs 271 % vos release pkg.twelf
Could not lock the VLDB entry for the volume 536874088.
VLDB: no permission access for call
Error in vos release command.
VLDB: no permission access for call
pabst.cs 272 % ./admindo vos release pkg.twelf
(Reusing token)
Released volume pkg.twelf successfully
pabst.cs 273 %
And yes, the token times out after five minutes.
Thanks everyone,
John
]