afs-backend-acl

(Generate a remctl ACL from the afs-backend ACL)

SYNOPSIS

afs-backend-acl [output]

DESCRIPTION

The afs-backend program has its own ACL file that specifies exactly what each user can do, and can also take PTS groups instead of just lists of users. This is more precise than the remctl ACL file is capable of being, but for security we also want to limit the ability to even run that script to only those people who could actually do something with it.

This script generates, from the afs-backend ACL file, a remctl ACL files that just lists all the Kerberos principals of anyone who could possibly do anything with the afs-backend script.

FILES

/etc/afs-remctl/acl

The expected location of the ACL file describing which users have which volume release and creation permissions, as described in DESCRIPTION above.

/etc/remctl/acl/afs

The location to which the remctl ACL file is written.

AUTHOR

Russ Allbery <rra@stanford.edu>

COPYRIGHT AND LICENSE

Copyright 2002, 2003, 2005 Board of Trustees, Leland Stanford Jr. University.

This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

afs-backend(1), pts(1)

The current version of this program is available from the afs-backend web page at <http://www.eyrie.org/~eagle/software/afs-backend/>.

Last spun 2014-08-10 from POD modified 2013-11-22