implement-bos-restricted-mode-
20010129
This patch enables the bosserver to be placed in a restricted mode in
which AFS superusers are granted only limited access to the server host.
The following functionality is disabled when restricted mode is in use:
bos exec
bos getlog (except for files whose name contains no '/')*
bos create *
bos delete
bos install
bos uninstall
* specific exceptions are made for the functionality that "bos salvage" uses:
a cron bnode whose name is "salvage-tmp", whose time is "now", and whose command
begins with "/usr/afs/bin/salvager" may be created. This bnode deletes itself
when it completes, so no special "delete" support is needed. This exception
may be removed in the future if a "Salvage" RPC is implemented.
The file with the exact path /usr/afs/logs/SalvageLog may be fetched,
since that is how "bos salvage [...] -showlog" is implemented.
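The rules above amount to a small authorization policy evaluated per RPC. The
following is an added example, not OpenAFS code, that models that policy exactly
as the note states it: the function names, the bos_request struct and the sample
requests are assumptions made for illustration, while the paths and the
"salvage-tmp" / "now" strings come from the note.

```c
/* Added example (not OpenAFS code): a model of the bosserver restricted-mode
 * policy as described in the patch note. Function names, the bos_request
 * layout and the sample requests are assumptions; the paths and the
 * "salvage-tmp"/"now" strings are those given in the note. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SALVAGER_PATH "/usr/afs/bin/salvager"    /* prefix the note requires */
#define SALVAGE_LOG   "/usr/afs/logs/SalvageLog" /* only absolute log path allowed */

/* One bos RPC as the policy sees it: the operation plus the arguments the
 * rules inspect. Fields an operation does not use are NULL. (Assumed layout,
 * not the real bozo RPC arguments.) */
typedef struct {
    const char *op;    /* "exec", "getlog", "create", "delete", "install", ... */
    const char *file;  /* getlog: file to fetch */
    const char *type;  /* create: bnode type, e.g. "cron" */
    const char *name;  /* create: bnode instance name */
    const char *when;  /* create: cron time spec */
    const char *cmd;   /* create: command line */
} bos_request;

/* bos getlog: a bare name (no '/') is served from the log directory; the only
 * absolute path permitted is the SalvageLog that "bos salvage -showlog" reads. */
bool restricted_getlog_allowed(const char *file)
{
    if (file == NULL || *file == '\0')
        return false;
    if (strchr(file, '/') == NULL)
        return true;
    return strcmp(file, SALVAGE_LOG) == 0;
}

/* bos create: only the self-deleting cron bnode that "bos salvage" creates.
 * The note says the command "begins with" the salvager path, so this is a
 * prefix match, nothing stricter. */
bool restricted_create_allowed(const char *type, const char *name,
                               const char *when, const char *cmd)
{
    if (type == NULL || name == NULL || when == NULL || cmd == NULL)
        return false;
    if (strcmp(type, "cron") != 0 || strcmp(name, "salvage-tmp") != 0
        || strcmp(when, "now") != 0)
        return false;
    return strncmp(cmd, SALVAGER_PATH, strlen(SALVAGER_PATH)) == 0;
}

/* Decision for one RPC while the bosserver is restricted: true = proceed. */
bool restricted_mode_allows(const bos_request *r)
{
    if (r == NULL || r->op == NULL)
        return false;
    if (strcmp(r->op, "getlog") == 0)
        return restricted_getlog_allowed(r->file);
    if (strcmp(r->op, "create") == 0)
        return restricted_create_allowed(r->type, r->name, r->when, r->cmd);
    if (strcmp(r->op, "exec") == 0 || strcmp(r->op, "delete") == 0
        || strcmp(r->op, "install") == 0 || strcmp(r->op, "uninstall") == 0)
        return false;                     /* disabled outright */
    return true;                          /* operations the note does not restrict */
}

/* Constructed sample requests, one or two per rule. */
int main(void)
{
    const bos_request samples[] = {
        { "getlog", "BosLog",      NULL,     NULL,          NULL,  NULL },
        { "getlog", "/etc/shadow", NULL,     NULL,          NULL,  NULL },
        { "getlog", SALVAGE_LOG,   NULL,     NULL,          NULL,  NULL },
        { "create", NULL, "cron",   "salvage-tmp", "now", SALVAGER_PATH " -partition /vicepa" },
        { "create", NULL, "cron",   "salvage-tmp", "now", "/bin/sh -c id" },
        { "create", NULL, "simple", "evil",        NULL,  SALVAGER_PATH },
        { "exec",   NULL, NULL, NULL, NULL, NULL },
        { "status", NULL, NULL, NULL, NULL, NULL },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const bos_request *r = &samples[i];
        printf("%-8s %-40s %s\n", r->op,
               r->file ? r->file : (r->cmd ? r->cmd : "-"),
               restricted_mode_allows(r) ? "allowed" : "DENIED");
    }
    return 0;
}
```

One caveat worth carrying into a real implementation: because the note specifies
a prefix match on the command, any command line that starts with the salvager
path satisfies the create rule, including a longer file name sharing that
prefix. Whether to additionally require the path to be followed by a space or
the end of the string is a choice the note leaves open.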
Restricted mode is enabled using a new bos command (bos setrestricted)
or a bosserver command line switch (bosserver -restricted). Restricted mode
can be disabled only by a) sending the bosserver process a SIGFPE (which
then allows restricted operations until the next restart or setrestricted
command) or b) editing /usr/afs/local/BosConfig (or BosConfig.new) and
restarting the bosserver.