automating 'vos release'

Russ Allbery rra@stanford.edu
16 Apr 2001 15:38:40 -0700


Jim Barlow <jbarlow@ncsa.uiuc.edu> writes:

> Not sure how big your cell is, or how many users you support, but doing
> it by hand at many sites would not be feasible.  For instance, we serve
> all our web content from replicated AFS volumes.  We have a couple
> hundered people who can modify much of that content then need to have
> the modifications pushed out to the read-only copies.  If each of these
> users had to call an AFS admin every time they made an update, well you
> get the idea.

We give our web folks a tool that lets them release specific volumes.  It
requires that you have a machine somewhere with access to a Kerberos
identity that's in UserList, unfortunately, but if you're willing to put
up with that security risk, there are innumerable ways that you could
implement such a thing, from an authenticated web page to a sudo or k5su
type setup that only lets them execute one command to something built on
top of sysctl or one of the other Kerberos-authenticated RPC-like
protocols.

The web folks here *love* being able to do this themselves, particularly
since we also have a web server running for them that looks at the
read-write tree rather than the read-only tree so that they can preview.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>