Administration Reference


[Return to Library] [Contents] [Previous Topic] [Bottom of Topic] [Next Topic] [Index]

pagsh

Purpose

Creates a new PAG

Synopsis

pagsh

Description

The pagsh command creates a new command shell (owned by the issuer of the command) and associates a new process authentication group (PAG) with the shell and the user. A PAG is a number guaranteed to identify the issuer of commands in the new shell uniquely to the local Cache Manager. The PAG is used, instead of the issuer's UNIX UID, to identify the issuer in the credential structure that the Cache Manager creates to track each user.

Any tokens acquired subsequently (presumably for other cells) become associated with the PAG, rather than with the user's UNIX UID. This method for distinguishing users has two advantages.

Note:The pagsh.krb version of this command is intended for use by sites that employ standard Kerberos authentication for their clients. The pagsh.krb command provides all the functionality of the pagsh command. In addition, it defines the environment variable KRBTKFILE (which specifies the storage location of Kerberos tickets) to be the /tmp/tktpX file (where X is the number of the user's PAG). The functionality of this command supports the placement of Kerberos tickets by the klog.krb command and Kerberized AFS-modified login utilities in the file specified by the environment variable KRBTKFILE.

Cautions

Each PAG created uses two of the memory slots that the kernel uses to record the UNIX groups associated with a user. If none of these slots are available, the pagsh command fails. This is not a problem with most operating systems, which make at least 16 slots available per user.

In cells that do not use an AFS-modified login utility, use this command to obtain a PAG before issuing the klog command (or include the -setpag argument to the klog command). If a PAG is not acquired, the Cache Manager stores the token in a credential structure identified by local UID rather than PAG. This creates the potential security exposure described in the Description section.

If users of NFS client machines for which AFS is supported are to issue this command as part of authenticating with AFS, do not use the fs exportafs command's -uidcheck on argument to enable UID checking on NFS/AFS Translator machines. Enabling UID checking prevents this command from succeeding. See the reference page for the klog command.

If UID checking is not enabled on Translator machines, then by default it is possible to issue this command on a properly configured NFS client machine that is accessing AFS via the NFS/AFS Translator, assuming that the NFS client machine is a supported system type. The pagsh binary accessed by the NFS client must be owned by, and grant setuid privilege to, the local superuser root. The complete set of mode bits must be -rwsr-xr-x. This is not a requirement when the command is issued on AFS client machines.

However, if the translator machine's administrator has enabled UID checking by including the -uidcheck on argument to the fs exportafs command, the command fails with an error message similar to the following:

   
   Warning: Remote setpag to translator_machine  has failed (err=8). . . 
   setpag: Exec format error

Examples

In the following example, the issuer invokes the C shell instead of the default Bourne shell:

   # pagsh -c /bin/csh
   

Privilege Required

None

Related Information

fs exportafs

klog

tokens


[Return to Library] [Contents] [Previous Topic] [Top of Topic] [Next Topic] [Index]



© IBM Corporation 2000. All Rights Reserved