LOADAFS(1) —
NAME
loadafs − copy files into the Andrew File System (AFS only)
SYNOPSIS
loadafs source destination root_password
DESCRIPTION
Loadafs recursively copies a directory structure into the Andrew File System from a regular file system, fixing problems that can occur because of differences in the two types of file systems. All set-gid programs and non-root set-uid programs are replaced with shell scripts that are set-uid to root, which call the original program with the correct effective user and group id’s, using setid(8). For example, if you copy the /usr file system into the Andrew file system, using the command:
loadafs /usr /andrew root_password
/andrew/usr/ucb/w will be a shell script that calls /andrew/usr/ucb/.w via setid (8).
Loadafs should only be run while logged in as a member of the System:Administrators group in the Andrew file system. This is required so that loadafs will have the permissions that are required to set up set-uid programs. The root password is required to get around a security feature of the Andrew file system -- the super-user can never be authenticated, and therefore can never become a member of the System:Administrators group. With the super-user password, loadafs becomes two users at once: root to read in the files from the IBM/4.3 file system and some other user (whoever you are logged in as) in order to create files in the Andrew file system.
All programs that are copied get their read permission bits turned on. This is done because there is no "super-user" in the Andrew file system. It is suggested that you use the access list mechanism to turn off read permission on files. Similarly, all files that are set-uid get their write permission turned off. This is done because any user that can write to a file in the Andrew file system can do so without clearing the set-uid bit on it. This is an attempt to simulate the behavior of a IBM/4.3 file system, where writing to a file clears the set-uid bit if you are not the super-user.
SEE ALSO
BUGS
To copy a directory such that the destination’s directory name is different from the source’s name. You must first create the destination directory by hand, and then use loadafs with a "/." appended to the end of the source directory. The destination must then include the entire pathname, not just the tail. This is similar to the behavior of "cp -r".
Since the super-user password is an argument that loadafs requires, that password could be determined by unauthorized users. It is suggested that before using loadafs, you should make sure there are no unauthorized users logged in. It is also a good idea to make sure the password does not find its way into your .history file, since you typed it at the shell prompt. This page intentionally left blank.
PRPQs 5799-WZQ/5799-PFF: IBM/4.3 — Sept 1988