[824] in SIPB_Linux_Development
[daemon@ATHENA.MIT.EDU : New config_afs.sh]
daemon@ATHENA.MIT.EDU (yandros@MIT.EDU)
Sun Dec 4 21:31:27 1994
From: yandros@MIT.EDU
Date: Sun, 4 Dec 1994 21:31:09 +0500
To: linux-dev@MIT.EDU, netbsd-dev@MIT.EDU
I've heard more than one person talk about `fixing' config_afs.
People who are serious about getting it done and tested (I don't have
a good test machine, alas) should look at this:
------- Forwarded transaction
[3329] daemon@ATHENA.MIT.EDU (Richard Basch) Release_Engineering 12/01/94 00:25 (84 lines)
Subject: New config_afs.sh
Date: Wed, 30 Nov 1994 19:25:00 -0500
To: rel-eng@MIT.EDU
From: "Richard Basch" <basch@MIT.EDU>
Changes:
- Uses "cmp" to determine if any changes are necessary (speedup)
(if cmp is not available, or there are changes, the right thing will happen,
so there is no dependency on cmp being on the root).
- Changes the mode of CellServDB to 644 once everything is merged. (bug fix)
- Does the suid/nosuid settings in batches of 20, to prevent overflowing
command-line buffers on various platforms. (speedup for Sun)
- The old version on the Sun did not properly honor SuidCells.local
(or so I noticed during the testing...)
(Personally, I think this should be part of the AFS package, rather than
a script off by itself in src/athena/etc/scripts.)
This script should replace the current one on all platforms.
-Richard
#!/bin/sh -
#
# $Id$
#
# This script configures the workstation's notion of AFS.
# 1. It updates the cell location information from /usr/vice/etc/CellServDB
# 2. It updates the cell setuid information from /usr/vice/etc/SuidCells
PATH=/bin:/bin/athena; export PATH
VICEDIR=/usr/vice/etc
CELLDB=${VICEDIR}/CellServDB
SUIDDB=${VICEDIR}/SuidCells
echo "Updating cell location information"
rm -f ${VICEDIR}/Ctmp
cp /afs/athena.mit.edu/service/CellServDB ${VICEDIR}/Ctmp && \
[ -s ${VICEDIR}/Ctmp ] && \
mv -f ${VICEDIR}/Ctmp ${CELLDB}.public && \
cat ${CELLDB}.public ${CELLDB}.local >${VICEDIR}/Ctmp 2>/dev/null
rm -f ${CELLDB}.last
ln ${CELLDB} ${CELLDB}.last
mv -f ${VICEDIR}/Ctmp ${CELLDB}
chmod 644 ${CELLDB}
cmp ${CELLDB}.last ${CELLDB} >/dev/null 2>&1 || \
awk ' \
/^>/ {printf("\nfs newcell %s", substr($1,2,length($1)-1))}; \
/^[0-9]/ {printf(" %s",$1)}; \
END {printf("\n")}' ${CELLDB} | sh
echo "Updating setuid cell information"
rm -f ${VICEDIR}/Ctmp
cp /afs/athena.mit.edu/service/SuidCells ${VICEDIR}/Ctmp && \
[ -s ${VICEDIR}/Ctmp ] && \
mv -f ${VICEDIR}/Ctmp ${SUIDDB}.public && \
cat ${SUIDDB}.public ${SUIDDB}.local >${VICEDIR}/Ctmp 2>/dev/null
mv -f ${VICEDIR}/Ctmp ${SUIDDB}
chmod 644 ${SUIDDB}
echo "Only allowing setuid/setgid programs from the following cells:"
(awk '/^>/ {print $1}' ${CELLDB}; cat ${SUIDDB}) | awk '\
/^>/ {i++; cells[i]=substr($1,2,length($1)-1);suid[i]=0;next}; \
/^-/ {for (j=1;j<=i;j++) {if (substr($1,2,length($1)-1)==cells[j]) \
{suid[j]=0;next;}}}; \
{for (j=1;j<=i;j++) {if ($1==cells[j]) {suid[j]=1;next}}}; \
END { ns=0; nn=0; \
for (j=1;j<=i;j++) { \
if (suid[j]){ns++;scmd=scmd" "cells[j];\
print "echo",cells[j];}\
else {nn++;ncmd=ncmd" "cells[j];};\
if (ns>20) \
{printf("fs setcell %s -suid\n", scmd);scmd="";ns=0;};\
if (nn>20) \
{printf("fs setcell %s -nosuid\n",ncmd);ncmd="";nn=0;};\
} \
if (ns) {printf("fs setcell %s -suid\n", scmd)};\
if (nn) {printf("fs setcell %s -nosuid\n",ncmd)};\
}' | sh
exit 0
--[3329]--
------- End forwarded transaction
