[OpenAFS-devel] kuserok() checking UID ownership on afs
Russ Allbery
rra at stanford.edu
Fri Feb 4 13:56:23 EST 2005
Russ Allbery <rra at stanford.edu> writes:
> Troy Benjegerdes <hozer at hozed.org> writes:
>> On the openafs side of things, I'd like to be able to have AFSid ->
>> local UID mapping functions as well, so 'ls -l' in someone else's afs
>> cell can return something intelligent, provided the local admin either
>> has a mapping daemon running, or has pre-mapped specific remote users.
> You can do this, but you have to patch libc to override the stat()
> function and the like. Unix operating systems don't have any other
> hooks available to fiddle with the UID. There isn't any way to do this
> with PAM or nsswitch.
On a second reading, if all you care about are the *names* that you get
from something like "ls -l", you can solve that through nsswitch provided
that there aren't any UID conflicts between local accounts and AFS.
If you want the *numbers* to match your local UIDs, that's more what I was
commenting on. (And you'll still have a problem if you have conflicts.)
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list