Subject: Re: [netatalk-admins] Feature Suggestion: AFP/TCP running as user, not root
From: Stefan Bethke (stefan@promo.de)
Date: Fri Nov 14 1997 - 05:53:36 EST
At 18:50 Uhr +0100 13.11.1997, Eugene Cohen wrote:
>What I'm thinking of is the situation where a user, not an administrator,
>would like to mount the server on his Mac with the privileges that his
>account on the server has. I'm envisioning an authentication scheme where
>the [AFP] logged in user keeps the UID of afpd. Under this scheme, a
>single (non-root) user could start the specially-configured afpd running on
>a high port number, and log in and access the server with the privileges
>that their account on the server already has. In other words, the
>authentication mechanism would not change the UID, but rather allow a single
>account (that of the user running afpd) access to the server.
>
>What I would like to do is to write a simple program on my Mac that would
>send an rsh command to a server to start afpd, log in and mount the volume,
>and later send another rsh command to stop afpd once I have logged out.
>(The sysadmins usually don't like us to keep daemon processes running all
>the time). I think this could be valuable to users out there. See what
>I'm getting at? Would this be too difficult to implement?
I wrote:
>>What is your objection against running the master afpd as root, besides the
>>usual wisdom of running as few as possible processes as root?
So what you want is to cheat on your sysops :-)
I think this could be done, but it might involve some serious code changes,
and for me this isn't worthwhile.
Stefan
--
Stefan Bethke
Promo Datentechnik    | Tel. +49-40-851744-18
+ Systemberatung GmbH | Fax. +49-40-851744-44
Eduardstrasse 46-48   | e-mail: stefan@Promo.DE
D-20257 Hamburg       | http://www.Promo.DE/
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:28:04 EST