Bastian Blank <[EMAIL PROTECTED]> writes: > On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
>> - AFS suffers from the not-a-filesystem syndrome: file access >> control is not unix-like and will confuse users. > > Also other parts are not really POSIX-like. Hardlinks or so. The three main things that are weird are no hardlinks between directories, directory ACLs rather than file permissions (the group and other mode bits are basically ignored; the directory ACLs are all that matter), and you can mount any AFS volume as a directory under any other AFS volume, so you can get circular file systems. >> - might cause problems with existing firewalls. > > - The needed kernel module still uses rootkit-like behaviour. If you mean the system call table modification, this is now strictly optional and AFS works fine without it. It uses keyrings instead of supplemental groups. The supplemental group behavior is preserved where possible for backward compatibility, but the keyring (which was designed specifically for this sort of thing) is now the canonical repository for the PAG. A bigger problem at the kernel level is that the kernel APIs change constantly and have not infrequently had various GPL-only tags added that force OpenAFS into annoying workarounds (it is released under the IBM Public License, another DFSG-free license that isn't quite GPL-compatible). However, for systems that run stable, the corresponding stable release of OpenAFS should continue to work fine. This mostly is a problem if one runs a backported kernel, in which case you'll need a backported OpenAFS as well. I'd certainly be happy to answer questions and help with AFS setup as I have time. I'd love to have a Debian OpenAFS cell. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
