[293] in Info-AFS_Redistribution


AFS Server Shutdown Question

daemon@ATHENA.MIT.EDU (Clem Cole)
Thu Aug 22 14:47:12 1991

From: clemc@lccma.bos.locus.com (Clem Cole)
To: info-afs@transarc.com
Cc: touchstone@lccma.bos.locus.com
Date: Thu, 22 Aug 91 12:09:22 -0400

I hope other folks have solved this problem, so thanks in advance.
The Transarc Support folks suggested that I send a message here since
they did not have a good solution.


We are just starting up AFS 3.0 (on a Sun 4/110 in this case)
and have run into the following problem.

1.) AFS uses /etc/rc to start up its server processes (this is normal).
2.) AFS also assumes the Unix user ``root'' is not special for AFS
   operations (a reasonable concept for clients, not clear for servers).
3.) UNIX does assume that root is special.  In particular, system
   shutdown with /etc/fastboot or /etc/shutdown is always run as root.

4.) Many UNIX systems at many sites (both pure-Joy and NJ style)
have a special UNIX login that starts up a set-uid program called
``powerdown'', ``sysdown'', ``shutdown'' or the like.  This is a
privileged program that can be run by mortals to take the machine
down (like before hurricanes and other ``events'') - without needing
the root password.  This program works by calling the standard
/etc/shutdown or a similar shell script.

The key idea is that we have trained folks to use the standard UNIX
shutdown scripts (sometimes indirectly via a special user), but
our clerks ``know'' that the shutdown script will take a UNIX
machine down.  However, since AFS must be shut down cleanly before
the UNIX shutdown is started, we need to modify the standard UNIX
(Sun in this case) shutdown scripts to shut down AFS on the way down.

No sweat....  Sigh.

The problem is that the UNIX shutdown scripts cannot perform
	bos shutdown `hostname` -wait
in a script unless you have already obtained the admin token first.

This is not nice because it means you must either:
	a.) leave the admin password in clear text in a shell script
		(yeech!!).
	b.) compile the password into a program to do the
		work for you (also yeech).
	c.) give admin privilege to a ``clerk'' who is performing
		a shutdown command - (also yeech) - that is why we have
		``powerdown''-like users anyway.
	d.) Find a way to allow root to shut down the machine (the
		right solution).

So my question is:

Is there a way to give ``root'' the shutdown authority (since it
has start-up authority from /etc/rc anyway), so that we do not break
the standard UNIX start-up and shutdown mechanism of so many years?

Thanks,
Clem Cole
clemc@bos.locus.com
617-229-4980
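The shutdown wrapper the post describes, written as an added example (this is not code from the original post or from AFS): it runs the post's `bos shutdown` step first and refuses to take UNIX down if that step fails, so the admin password never has to be placed in the script (options a and b above). The `BOS`, `SHUTDOWN` and `LOG` variables are assumptions of this example, defaulting to the commands named in the post.

```shell
#!/bin/sh
# Added example: clean AFS shutdown before the standard UNIX shutdown.
# Whoever runs this must already hold the admin token; the script never
# embeds or supplies the password. If the AFS step fails (no token,
# bosserver unreachable), the machine is left up and the caller is told.
BOS=${BOS:-bos}              # assumed: bos command, as in the post
SHUTDOWN=${SHUTDOWN:-/etc/shutdown}   # assumed: the stock Sun script
LOG=${LOG:-/dev/null}        # assumed: where bos output is kept

# afs_shutdown_then_halt HOST [shutdown args...]
# Returns 0 when both steps ran, 1 when the AFS step failed.
afs_shutdown_then_halt() {
    host=$1
    shift
    # Step 1: the same command the post's script would run, waited on so
    # the server processes are really down before UNIX goes down.
    if ! "$BOS" shutdown "$host" -wait >>"$LOG" 2>&1; then
        echo "AFS shutdown of $host failed; not taking UNIX down" >&2
        return 1
    fi
    # Step 2: the ordinary UNIX shutdown the clerks already know.
    "$SHUTDOWN" "$@"
}
```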
