[OpenAFS-devel] kuserok() checking UID ownership on afs

Russ Allbery rra at stanford.edu
Fri Feb 4 13:56:23 EST 2005

Russ Allbery <rra at stanford.edu> writes:
> Troy Benjegerdes <hozer at hozed.org> writes:

>> On the openafs side of things, I'd like to be able to have AFSid ->
>> local UID mapping functions as well, so 'ls -l' in someone else's afs
>> cell can return something intelligent, provided the local admin either
>> has a mapping daemon running, or has pre-mapped specific remote users.

> You can do this, but you have to patch libc to override the stat()
> function and the like.  Unix operating systems don't have any other
> hooks available to fiddle with the UID.  There isn't any way to do this
> with PAM or nsswitch.

On a second reading, if all you care about are the *names* that you get
from something like "ls -l", you can solve that through nsswitch provided
that there aren't any UID conflicts between local accounts and AFS.

If you want the *numbers* to match your local UIDs, that's more what I was
commenting on.  (And you'll still have a problem if you have conflicts.)

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the krbdev mailing list