Re: Why no root login


Subject: Re: Why no root login
From: Marc J. Miller (itlm019@mailbox.ucdavis.edu)
Date: Thu Nov 09 2000 - 14:10:38 EST


It's done. The afpd.conf file specifies what group will be seen as root
for a particular volume. I think I even updated the comments in afpd.conf
on SourceForge to specify exactly how to do it.

At 01:24 PM 11/9/00 -0500, Matthew Temple wrote:
>All,
>
> I assume the reason you would want root login would be to create
>a volume administrator. I received the following message in response to
>a question concerning this issue several weeks ago: (I haven't yet
>checked the syntax here, and with the huge amount of discussion around
>newer versions of netatalk I'm a little nervous about upgrading.)
>
> Does anyone know the status of the "Volume Administrator" fix?
>
> Matthew Temple
>
>
>============================================================================
>
>FYI, I'm putting the finishing touches on administrator group access in
>netatalk 1.5 right now. It will allow someone in a particular group (which
>you specify in afpd.conf) to have root privileges. But I'd say we're still
>at least a week away from having a release candidate that includes a fully
>functional version of it.
>
>----- Original Message -----
>From: "Temple, Matthew H." <Matthew_Temple@dfci.harvard.edu>
>To: <netatalk-admins@umich.edu>
>Sent: Thursday, September 14, 2000 7:12 PM
>Subject: volume administrator
>
>
> > All,
> >
> > We have two issues that we constantly bump into with
> > Netatalk, largely around backup. Although we can back up
> > and restore our Netatalk volumes with Legato Networker or
> > dump, we'd like to be able to use Retrospect. But since
> > Netatalk, unlike Cap, doesn't have the notion of an
> > "afp administrator" there's no way to mount several volumes owned
> > by different labs (we're a research organization). I've figured
> > out how to use the "Redhat private group" scheme to create a
> > volume administrator, but this scheme won't work if there are
> > different administrators across the machine. And, of course,
> > this won't help to back up individual users who aren't part of a
> > volume.
> >
> > I do see how root can log in via a simple hack to afpd, but it
> > doesn't appear to have rootly privileges.
> >
> > What do people do for backing up their shared netatalk volumes?
> >
> > Matthew Temple
> >
>=================================================================
>
>
>Ryan McBeth wrote:
> >
> > Well, you could edit /etc , but the thought of all of those
> > .AppleDouble files in /etc ...
> >
> > Ryan
> >
> > At 17:42 +0100 09/11/2000, Christian Schmidt wrote:
> > >TimY wrote on 08.11.2000:
> > >
> > >>I can't get root to log in. Is it blocked for some reason?
> > >
> > >Yes, it is. And the reason is security.
> > >
> > >On many systems, a remote root login is generally forbidden.
> > >
> > >Try logging in as a "normal" user.
> > >
> > >Via AFP, root can't do anything worthy anyway...
> > >
> > >Yours,
> > >Christian
> > >--
> > >Made with a Macintosh...
> > >ChriSchmi@t-online.de
> > >http://home.t-online.de/home/chrischmi/
> >
> > __________________________________
> > Ryan McBeth
> > Systems Administrator, Mobius New Media
> > Voice: (302) 475-9880 x11
> > FAX: (302) 475-9894
> > www.mobiusnm.com
> > __________________________________
> > If you want to achieve excellence, you can get there today. As of
> > this second, quit doing less-than-excellent work.
> > -Thomas Watson, founder of IBM
>
>--
>=============================================================
>Matthew Temple Tel: 617/632-2597
>Director, Research Computing Fax: 617/632-4012
>Dana-Farber Cancer Institute Matthew_Temple@dfci.harvard.edu
>44 Binney Street, Smith 345 http://research.dfci.harvard.edu
>Boston, MA 02115 IMAP LIVES!
>=============================================================



This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:32:37 EST