> Ok, I'll ask this question which I've been meaning
> to look into: what is the easiest/cleanest way to
> restrict logins to our file server to certain people
> (to avoid, say, it running out of swap) while allowing
> everybody to log into our CPU server?
Split the authentication domain into two.
One for ordinary users in which "our CPU server" and
the file server (fossil processes) runs, and the other
in which the file server (the box itself) boots and runs.
my memo:
http://p9c.cc.titech.ac.jp/plan9/secp9.html#secventi
Hope this helps.
--
