[1685] in testers
/etc/athena/config_afs
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Wed Jul 31 23:23:20 1991
To: testers@ATHENA.MIT.EDU
Date: Wed, 31 Jul 91 23:23:22 EDT
From: John Carr <jfc@ATHENA.MIT.EDU>

I've rewritten config_afs to run faster and only do what it needs to:

. don't run fs newcell if CellServDB is unchanged
. AFS 3.1 defaults to allowing suid only from the primary cell,
  so there is no need to explicitly disallow setuid

This config_afs requires that cmp move onto the root. It also requires that
suid be allowed from the primary cell if it is allowed from any cells. I
don't think this is a problem: if you only trust one cell, you should be
using it as your primary.

#!/bin/sh

PATH=/bin:/bin/athena
SUIDFILE=/usr/vice/etc/SuidCells
ROOTCELL=/usr/vice/etc/ThisCell
CELLDB=/usr/vice/etc/CellServDB

# Copy /afs/athena/service/CellServDB to /usr/vice/etc
# If it has changed, run fs newcell.
if cp -p /afs/athena/service/CellServDB ${CELLDB}.new ; then
    if cmp -s ${CELLDB}.new ${CELLDB} ; then
        echo "AFS Cell list unchanged."
        rm -f ${CELLDB}.new
    else
        mv ${CELLDB}.new ${CELLDB}
        /bin/sed 's/^>/ /' ${CELLDB} |
            awk '/^ / {printf "\nfs newcell %s",$1} ; /^[0-9]/ {printf " %s",$1} ; END {print ""}' |
            /bin/sh
    fi
else
    echo "Unable to copy /afs/athena/service/CellServDB"
fi

# If SuidCells exists, allow setuid only from those cells.
# If it does not exist, keep the default behavior (in AFS 3.1, allow suid
# only from the primary cell)
if [ -s ${SUIDFILE} ]; then
    SUIDCELLS=`cat ${SUIDFILE}`
    echo "Allowing setuid from the following cells:"
    echo ${SUIDCELLS}
    fs setcell -cell ${SUIDCELLS} -suid
else if [ -f ${SUIDFILE} ]; then
    echo "Disallowing setuid from all cells."
    fs setcell -cell `cat ${ROOTCELL}` -nosuid
fi
fi
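
An added example, not part of the original message or of Athena's config_afs: the CellServDB update step with each cell passed to fs newcell as separate arguments, after its name and addresses are checked, instead of being turned into text for /bin/sh. The function names and the sample file contents are constructed for illustration, and echo stands in for the real fs command so the script runs without AFS.

```shell
#!/bin/sh
# Added example, not from the original message. Names and sample data are
# constructed; "echo" stands in for the real fs binary.

# Constructed CellServDB sample: ">cell" lines followed by server addresses.
sample_cellservdb() {
    cat <<'EOF'
>cell-a.example         # constructed cell A
192.0.2.10              #db1.cell-a.example
192.0.2.11              #db2.cell-a.example
>bad;name.example       # malformed name, must be skipped
192.0.2.66              #db1.bad.example
>cell-b.example         # constructed cell B
198.51.100.5            #db1.cell-b.example
not-an-address          #ignored
EOF
}

# Print one "cell addr addr ..." record per well-formed cell; skip the rest.
parse_cellservdb() {
    awk '
    function emit() { if (cell != "" && addrs != "") print cell addrs; cell = ""; addrs = "" }
    /^>/ {
        emit()
        name = substr($1, 2)
        if (name ~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/) cell = name
        else print "skipping malformed cell name on line " NR > "/dev/stderr"
        next
    }
    /^[0-9]/ {
        if (cell != "" && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) addrs = addrs " " $1
        next
    }
    END { emit() }
    '
}

# Run the given command once per record, cell and servers as separate arguments.
apply_cells() {
    while read -r cell addrs; do
        # Unquoted on purpose: $addrs holds only digits, dots and spaces.
        "$@" "$cell" $addrs
    done
}

sample_cellservdb | parse_cellservdb | apply_cells echo fs newcell
```

On a machine with AFS, the final line would read the real file and drop the echo: parse_cellservdb < /usr/vice/etc/CellServDB | apply_cells fs newcell.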