Quoting Matthew Miller <[EMAIL PROTECTED]>: > On Sun, Feb 06, 2005 at 12:46:23PM -0500, Derek Atkins wrote: > > "Doctor, doctor, it hurts when I do this...." > > Cute, but you miss the point: it could hurt when *other* people do this. I'd > be better if they weren't able to.
The docs have always said "don't use Unix Groups in the range <x..y> when you use AFS" and goes on to describe how and why. So IMHO if someone ignores the clearly docuemented "don't do this" they deserve to screw themselves. > If the "su" command let any user change user ids with no authentication, > would your solution be to suggest I not do it? That's apples and oranges. A better analogy would be if the su documentation said "putting users in group 1 will allow them to change userid without authentication" but you (or someone else) still put users into group 1. Is it SU's fault? Or the user's fault? I would say the latter, not the former. Especially in the case of OpenAFS where it's not even distributed with the base OS so users need to specifically add it themselves. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH [EMAIL PROTECTED] PGP key available _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info