The options -logfile and -config should be enclosed
by angle brackets.
Change-Id: I9e5767b7e43753b37dbc8d86c5346c778f8bab8d
Reviewed-on: https://gerrit.openafs.org/12233
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Update the man page to reflect the current access rights required for fs
examine. Historically, fs examine required read access on the root
vnode of the volume housing the directory or file being examined. This
access check was relaxed in commit d2d591caf2,
since the information returned by the file server is already available
anonymously by other means.
Change-Id: If62b625bce8a260b98fb56a6feec49c674f2de53
Reviewed-on: https://gerrit.openafs.org/12223
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Update the afsd man page -settime and -nosettime options, which are obsolete
and no longer have any effect. Use the same wording as the other obsolete
options in the afsd man page. Keep the recommendations to use the time keeping
daemons provided by the operating system to maintain the system time.
Change-Id: I08a1bd5ae0b2d6618b3e212ebcbb98f470e33820
Reviewed-on: http://gerrit.openafs.org/12175
Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Remove the salvagerserver option to print log messages to stdout. This
was a carry over from the stand-alone salvager and is not appropriate for
a daemon.
Change-Id: I55b99112278cdabb3e9911948dbda6a628030951
Reviewed-on: http://gerrit.openafs.org/11815
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
These options were copied from the salvager man page and are not implemented by
the salvageserver.
Change-Id: Ib6c5b3fd494f1662b958442863e5fbfc0755a0c2
Reviewed-on: http://gerrit.openafs.org/11817
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Add the missing -syslog and -syslogfacility options to
the salvageserver man page.
Change-Id: I1cb057a8085c4aeda32bb003cc4cec5035d00407
Reviewed-on: http://gerrit.openafs.org/11816
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Document the built-in version sub-command which displays
the OpenAFS version string. This sub-command is provided
by the cmd library.
Document the switch style -version option provided by the cmd
library for the initcmd based commands: afsmonitor, scout,
xstat_fs_test, and xstat_cm_test.
Change-Id: Id421d2c68a5c49a2b1a5abb2f3e9ca64ea36cd3e
Reviewed-on: http://gerrit.openafs.org/11161
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Supergroup information is explicitly present in -members
Change-Id: I25527c093858bc0b029417cbf2bb07717c50bb32
Reviewed-on: http://gerrit.openafs.org/11681
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a manual page for the KeyFileExt file.
Add cross-references from all places which currently reference
KeyFile(5), and update their body text accordingly.
Change-Id: Iab56847fcb59dda0c8a344a626ddb0ff35b98b26
Reviewed-on: http://gerrit.openafs.org/11770
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Prefer KeyFileExt to KeyFile ~everywhere. Make the main documentation
assume a modern cell with KeyFileExt and rxkad-k5, moving the old
rxkad and KeyFile documentation to a new section,
HISTORICAL COMPATIBILITY.
Note that kaserver is deprecated.
Do not mention the Update Server, which is also disrecommended for
new installations.
Add a copyright statement for the new content.
Change-Id: Idcb4940615a00189b655538a9a190cc35153cc89
Reviewed-on: http://gerrit.openafs.org/11769
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a client side check to vos changeaddr -oldaddr -newaddr
to refuse to change multihomed server entries, unless -force
is given.
Change-Id: I1428e94f0c2fc19bb6ba3b2c53468f4587283bbc
Reviewed-on: http://gerrit.openafs.org/11638
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
roll back -stayonline support for volume releases for now.
Change-Id: I5b4de15892f975514ea699994cb7c1da17ac83c2
Reviewed-on: http://gerrit.openafs.org/11787
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Introduce the vos remaddrs sub-command for removing multi-homed server
entries from the vldb. The remaddrs sub-command completes the listaddrs
and setaddrs command suite and allows vos changeaddr to be deprecated
completely.
Change-Id: I98e92e776a153591a617a5b04037c3b6139d4732
Reviewed-on: http://gerrit.openafs.org/11606
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
While reviewing gerrit 11678 I noticed the -n flag was
duplicated. Remove the duplicate flag.
Change-Id: I4a63a50199e1564a0b0394445e9dc1569bb08a0c
Reviewed-on: http://gerrit.openafs.org/11688
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Remove sunrpc compatibility from rxgen. It's not tested, and
rpcgen is available from other sources. This will allow changes to be
made to rxgen without worrying about their impact on rpcgen compatibility.
Removals consist of the -l, -m, and -s switches, the source files
rpc_clntout.c and rpc_svcout.c, and the scan tokens 'program' and
'version'. The -R switch ('R compatibility') is also removed, as it's
a noop.
Change-Id: I960fac14faf072d221b8cb166e9388ab4accfa26
Reviewed-on: http://gerrit.openafs.org/10258
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
We have previously documented that volumes over 2TB can result in
inaccuracies, but this documentation does not say how the 'partition'
field in "fs listquota" can be inaccurate. It is confusing to see a
usage of 0% for a partition that you know is being used, so try to
briefly explain in what way this field is inaccurate.
The reason we _under_-report the partition usage is that the
fileserver actually gives back PartBlocksAvail and PartMaxBlocks (not
"blocks used" and "blocks total"). So 1TB used and 4TB total is
truncated to 2TB and given back as 2TB free and 2TB total. One we hit
3TB used we'll report it as 1TB free 2TB total (50%) when the actual
usage is 75%.
Change-Id: I0b3de04ef2bd6cd32fdcb1a82cbac58d5d621e5b
Reviewed-on: http://gerrit.openafs.org/11245
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
It can result only in sadness.
Document this restriction alongside UID 0 as a reserved number.
Change-Id: Ibea2d98bc15a730bc85e84477791ca45a40f2d92
Reviewed-on: http://gerrit.openafs.org/10950
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The krb5_524_conv_principal() function should fail whenever the Kerberos
v5 principal cannot safely be mapped onto a Kerberos v4 principal, and
does fail on some Kerberos v5 principals used in real-world AFS
deployments.
Prior to this patchset a failure was treated as a fatal error that
in turn prevents an AFS token from being generated or set into the
cache manager.
Prior to b1f9b4cb5d the
krb5_524_conv_principal() function wasn't used and a local client
mapping was created. b1f9b4cb5d
replaced the local mapping with the krb5 function because the local
mapping could be wrong and confusing.
The krb5_524_conv_principal() function as applied to AFS tokens is
just a local guess. How the username in the token is interpreted by
the AFS server is up to the server.
krb5_524_conv_principal() is only used for Krb5 native tokens. For Krb4
tokens the krb5_524_convert_creds() function is used to obtain both the
Kerberos v4 ticket and the converted names from the KDC. Many
organizations used the krb524d service to perform name translation. When
the krb524d service is used, the name translation is performed by the KDC,
so there is no local call to krb5_524_conf_principal() which might fail.
As a result, disallowing the use of a native Krb5 token due to a failed
local name translation is a needless loss of functionality; the local name
translation is not an essential part of obtaining a token.
This patchset modifies the behavior such that krb5_524_conv_principal()
errors are non-fatal.
1. If -noprdb is not specified the error message is generated
and a NULL username is used.
2. If the username is NULL the prdb lookup is disabled.
3. If the username is NULL the informational messages do not
include a username.
4. If the username is NULL the username info provided to the
cache manager in the token description is the nul string.
Credit to Ben Kaduk for assistance with the wording of this
commit message.
Change-Id: Ib07131fc0ff4bf5319815213198c3f0adac17b10
Reviewed-on: http://gerrit.openafs.org/11542
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Commit 5afe7a882b added a configure
option to disable the installation of the kauth suite, but did not
add any logic to disable the installation of the corresponding man
pages, so those man pages were always installed regardless of the
options to configure.
Add logic to doc/man-pages/Makefile.in to create .noinstall files
for man pages which should not be installed in the current configuration.
Depend on the Makefile (which will be regenerated by configure) in
this target so as to attempt to behave properly if configure is re-run
with different arguments in the same working tree.
Change-Id: I19b77a9f20fe27c49db14f3e800d8c77cda1bb3a
Reviewed-on: http://gerrit.openafs.org/10993
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
This tool was removed in 2006 in commit
b405868ca0. Also remove mention of
wsadmin, removed at the same time.
Change-Id: I8475b951f576f10ddd2f4b72565354b9fba41d94
Reviewed-on: http://gerrit.openafs.org/11554
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
It has been unused since the LWP fileserver was removed.
It was used to set the LWP stack size.
Change-Id: I2ffd3a2f02049a307b668a46b62b31dc9bc128a8
Reviewed-on: http://gerrit.openafs.org/11527
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
These are new files and new content; fix the copyright notice and
license to reflect.
Change-Id: I8d5f00fb7edaf2e3855e2dc2a1af07bba471c0d6
Reviewed-on: http://gerrit.openafs.org/11362
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Add a new vos release option called -force-reclone to force the
reclone of the release clone and a release to all of the remote
sites, regardless of the state of the VLDB flags on the remote
sites, but does not force full volume dumps when distributing the
volume.
Provide an alias -f for -force for compatibility with the original
IBM vos, in case scripts were written to use the old '-f' option,
and for users with muscle memory.
Change-Id: I0ebebc5e8099299781e8da57579d91848bb2ad19
Reviewed-on: http://gerrit.openafs.org/9020
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Make vlserver and volserver suppport a new command line parameter,
"-restricted_query admin". When this is on, the query RPCs that
are not needed for normal cache manager operations are restricted
to administrators listed in UserList. This is off by default.
Change-Id: I2a23a4e99cabd46b19ed491a6520773731a5994e
Reviewed-on: http://gerrit.openafs.org/10927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
It is not always clear to users whether BosConfig.new is noticed
during an automatic restart, or if it requires stopping and starting
the bosserver. Slightly reword the relevant text and add a small note
that a "general restart" does cause BosConfig.new to be noticed, so
this is explicitly clear.
Change-Id: Iab3eaff176305b0b2991a6636e70204b5072b1b0
Reviewed-on: http://gerrit.openafs.org/11076
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
vos convertROtoRW leaves the older RW copy on the original fileserver,
although it is no longer in the VLDB. Provide the user with some hints
regarding clean up.
Change-Id: I5f6fcf7d5a516b59438d84e60f163a567d3a64fd
Reviewed-on: http://gerrit.openafs.org/9408
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPC's. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.
Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Commit 070230ab76 added documentation of
the mode parameter to bos setrestricted, claiming that the value 0 is
useless, and commit eee0bf5871 added
documentation of the restrictmode entry in BosConfig, claiming that it
can only be set back to 0 with an editor. Both claims are wrong, since
bos setrestricted -mode 0 will do exactly that (if it succeeds, which
it only can if the server is running in unrestricted mode, which can
be achieved by sending it the FPE signal). Fix the man pages
accordingly.
Change-Id: I07b75f7d0cea2e247fa4f346121de258e35119f5
Reviewed-on: http://gerrit.openafs.org/10885
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Provide a man page for the volscan utility
Change-Id: Ibaecb2b9030ee71d81f13b897694c4cf3b4b9516
Reviewed-on: http://gerrit.openafs.org/10905
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
Mention the restrictmode entry and the commands for setting and
querying it in the BosConfig man page, and add/fix cross references
between the BosConfig, bos, bos_getrestricted and bos_setrestricted
ones.
Change-Id: I938ef4c43c1a248335f09975c454b36f7570782c
Reviewed-on: http://gerrit.openafs.org/10874
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Add the -emit option to the compile_et command to support parallel make.
The -emit option allows make to generate the header and the source files
independently, instead of building two files at the some time. This
avoids the issue where one command creates two separate files, which is
difficult to handle correctly for parallel makes.
Change-Id: Ib44a8e358643cf19b4834b3bd4d5b88db6cd0ccf
Reviewed-on: http://gerrit.openafs.org/7921
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
The man page documented the prefix option as -prefix; compile_et
supported only the short form -p.
Document and support both the long and short forms for the prefix
option; -p and -prefix.
Change-Id: Ide5551b06ae888748600677ed09ba674506a584f
Reviewed-on: http://gerrit.openafs.org/10721
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Document the -lang short form for -language.
Change-Id: I4a57bdb23ca5fab4e1565d7e930cdc10097a7414
Reviewed-on: http://gerrit.openafs.org/10720
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix two pod formatting errors and remove one trailing
whitespace characters.
Change-Id: I2ba4fd56afb8c26591d2770301c3edfdd1a898fb
Reviewed-on: http://gerrit.openafs.org/10719
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix typo in the dropbox section where 'l' was referred
to as 'read', not 'lookup'.
Change-Id: I6429c125f0561a1b5d4e7816930988ac1b347be7
Reviewed-on: http://gerrit.openafs.org/10750
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
- Consistently specify -dryrun and -n across various subcommands.
Many did not list -n, some listed -n but no -dryrun, and some
listed -noexecute instead.
- backup_volrestore: Add missing option -usedump
- backup_deletedump: Add missing options -groupid, -dbonly, -force,
and -portoffset
Change-Id: Iec1c36cba0ad0e61d7e6215c9cba81228b95a81f
Reviewed-on: http://gerrit.openafs.org/10441
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Add the 'checkman' script, which compares a command's "-help" output
to the options actually documented in its manpage. This command is
certainly not perfect, and may contain false negatives and false
positives. It is not (currently) intended to be run as an automated
check, but is meant to assist a human manually checking the
correctness of man pages. An error reported by 'checkman' does not
necessarily indicate something that should actually be changed.
Change-Id: Iae1965c441279dd3f93c1a7283ea0a0140d5ebe3
Reviewed-on: http://gerrit.openafs.org/10442
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
This option is completely useless since the LWP volserver was removed.
Remove the code for it.
Change-Id: I2257ba2ecd2ffeb9c47d21cbb516d6a0abb19b94
Reviewed-on: http://gerrit.openafs.org/10424
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
For every fssync-debug subcommand, provide a symlink for the
associated dafssync-debug subcommand. This way, running e.g.
"man dafssync-debug_attach" will actually give you a manpage, instead
of needing to specifically run "man fssync-debug_attach".
Change-Id: I83d71dc14f9f838d9a9900fcc62817677898dd27
Reviewed-on: http://gerrit.openafs.org/10412
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
If we indent text here, the formatting codes are not interpreted, and
the text is output "raw". So currently, we actually see
"I<system_type>" in this section, which is a bit confusing.
Saying the actual output with string substitutions and stuff here
doesn't seem very helpful when the output doesn't have any constant
text in it. Just describe what the output is instead; an example
immediately follows if this is unclear.
Change-Id: Ib3e0f0c5143afa2dd41a655ff3908c791026a426
Reviewed-on: http://gerrit.openafs.org/10411
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
