jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 07:20:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
160854bd2b
openafs/doc/man-pages/pod1/pagsh.pod

106 lines
3.9 KiB
Plaintext
Raw Normal View History

man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
=head1 NAME
pagsh - Creates a new PAG
=head1 SYNOPSIS
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
B<pagsh>
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
=head1 DESCRIPTION
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
The B<pagsh> command creates a new command shell (owned by the issuer of
the command) and associates a new I<process authentication group> (PAG)
with the shell and the user. A PAG is a number guaranteed to identify the
issuer of commands in the new shell uniquely to the local Cache
Manager. The PAG is used, instead of the issuer's UNIX UID, to identify
the issuer in the credential structure that the Cache Manager creates to
track each user.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
Any tokens acquired subsequently (presumably for other cells) become
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
associated with the PAG, rather than with the user's UNIX UID. This
method for distinguishing users has two advantages.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
=over 4
=item *
It means that processes spawned by the user inherit the PAG and so share
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
the token; thus they gain access to AFS as the authenticated user. In
many environments, for example, printer and other daemons run under
identities (such as the local superuser C<root>) that the AFS server
processes recognize only as C<anonymous>. Unless PAGs are used, such
daemons cannot access files in directories whose access control lists
(ACLs) do not extend permissions to the system:anyuser group.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
=item *
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
It closes a potential security loophole: UNIX allows anyone already logged
in as the local superuser C<root> on a machine to assume any other
identity by issuing the UNIX B<su> command. If the credential structure is
identified by a UNIX UID rather than a PAG, then the local superuser
C<root> can assume a UNIX UID and use any tokens associated with that
UID. Use of a PAG as an identifier eliminates that possibility.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
=back
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
=head1 CAUTIONS
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
Each PAG created uses two of the memory slots that the kernel uses to
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
record the UNIX groups associated with a user. If none of these slots are
available, the B<pagsh> command fails. This is not a problem with most
operating systems, which make at least 16 slots available per user.
In cells that do not use an AFS-modified login utility, use this command
to obtain a PAG before issuing the B<klog> command (or include the
B<-setpag> argument to the B<klog> command). If a PAG is not acquired, the
Cache Manager stores the token in a credential structure identified by
local UID rather than PAG. This creates the potential security exposure
described in L<DESCRIPTION>.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
If users of NFS client machines for which AFS is supported are to issue
this command as part of authenticating with AFS, do not use the B<fs
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
exportafs> command's B<-uidcheck on> argument to enable UID checking on
NFS/AFS Translator machines. Enabling UID checking prevents this command
from succeeding. See L<klog(1)>.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
If UID checking is not enabled on Translator machines, then by default it
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
is possible to issue this command on a properly configured NFS client
machine that is accessing AFS via the NFS/AFS Translator, assuming that
the NFS client machine is a supported system type. The B<pagsh> binary
accessed by the NFS client must be owned by, and grant setuid privilege
to, the local superuser C<root>. The complete set of mode bits must be
C<-rwsr-xr-x>. This is not a requirement when the command is issued on AFS
client machines.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
However, if the translator machine's administrator has enabled UID
man1-editing-pass-20051209 Complete an initial editing and cleanup pass for all section one man pages. Fix various conversion problems, formatting inconsistencies, and obvious problems. Please note that no editing for content has yet been done; this is solely editing for formatting and correct conversion to POD. Also, add some additional section five man pages that were omitted from the first conversion run due to unusual file names, and globally replace CAVEATS with CAUTIONS in the man pages to match the original section name. The section one man pages should now be in reasonable shape and ready for additional review and further updates, although there are probably still remaining obvious problems. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== This file got the wrong name when it was originally committed. Fix.
2005-12-09 14:48:56 +00:00
checking by including the B<-uidcheck on> argument to the B<fs exportafs>
command, the command fails with an error message similar to the following:
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
man-page-whitespace-20051220 Remove all trailing whitespace while we have the chance and there are no merge issues yet.
2005-12-21 00:41:17 +00:00
Warning: Remote setpag to <translator_machine> has failed (err=8). . .
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess.
2005-12-08 12:14:33 +00:00
setpag: Exec format error
=head1 EXAMPLES
In the following example, the issuer invokes the C shell instead of the
default Bourne shell:
# pagsh -c /bin/csh
=head1 PRIVILEGE REQUIRED
None
=head1 SEE ALSO
L<fs_exportafs(1)>,
L<klog(1)>,
L<tokens(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue Copy Permalink