
/usr/sbin/afs-rootvol is in openafs-dbserver 1.6.7-1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/usr/bin/perl -w
# Copyright (C) 2000 by Sam Hartman
# This file may be copied either under the terms of the GNU GPL or the IBM
# Public License either version 2 or later of the GPL or version 1.0 or later
# of the IPL.

use strict;
use Debian::OpenAFS::ConfigUtils;
use Term::ReadLine;
use Getopt::Long;
use vars qw($rl $server $part $requirements_met);

=head1 NAME

afs-rootvol - Generate and populate root volumes for new AFS cells.

=head1 SYNOPSIS

B<afs-rootvol> [B<--requirements-met>] [B<--server> I<server-name>]
[B<--partition> I<partition-letter>]

=head1 DESCRIPTION

This script sets up an AFS cell's root volumes.  It assumes that you already
have a fileserver and database servers.  The fileserver should have an empty
root.afs.  This script creates root.cell, user, and service and populates
root.afs.

=head1 AUTHOR

Sam Hartman <hartmans@debian.org>

=cut
#'# cperl-mode

# This subroutine creates a volume, mounts it and then sets the access
# to allow read by anyuser.  The volume is scheduled for deletion in
# case of error.
sub mkvol($$) {
    # Create volume $vol on the selected server and partition, mount it at
    # $mnt, and give system:anyuser the "rl" (read/lookup) rights there.
    #
    # Uses the file-level $server and $part.  All four values are spliced
    # into command strings; run() appears to execute those through a shell
    # (other call sites in this file append "|| true"), so arguments must
    # not contain whitespace or shell metacharacters.
    my $vol = shift;
    my $mnt = shift;

    my $create_cmd = "vos create $server $part $vol -localauth";
    my $remove_cmd = "vos remove $server $part $vol -localauth";

    run($create_cmd);
    # Queue the matching removal only once the create has been issued, so a
    # later failure rolls the new volume back.
    unwind($remove_cmd);

    run("fs mkm $mnt $vol ");
    run("fs sa $mnt system:anyuser rl");
}

# Main script.  Flush all output immediately.
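# Unbuffer STDOUT so prompts and progress messages are not held back.
$| = 1;
# Direct method call instead of the indirect-object form "new Class(...)".
$rl = Term::ReadLine->new('AFS');
# GetOptions() returns false on an unknown or malformed option.  Stop here
# rather than continue with settings the operator did not intend: the rest of
# the script creates volumes and changes ACLs.
GetOptions("requirements-met" => \$requirements_met,
           "server=s"         => \$server,
           "partition=s"      => \$part)
    or die "Usage: afs-rootvol [--requirements-met] [--server <server-name>]"
         . " [--partition <partition-letter>]\n";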
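# Unless --requirements-met was given, print the prerequisites, require an
# explicit "y", and refuse to continue when not running as root.  Note that
# --requirements-met skips the root check as well as the prompt.
unless ($requirements_met) {
    print <<eotext;
                            Prerequisites

In order to set up the root.afs volume, you must meet the following
pre-conditions:

1) The cell must be configured, running a database server with a
   volume location and protection server.  The afs-newcell script will
   set up these services.

2) You must be logged into the cell with tokens in for a user in
   system:administrators and with a principal that is in the UserList
   file of the servers in the cell.

3) You need a fileserver in the cell with partitions mounted and a
   root.afs volume created.  Presumably, it has no volumes on it,
   although the script will work so long as nothing besides root.afs
   exists.  The afs-newcell script will set up the file server.

4) The AFS client must be running pointed at the new cell.
eotext

    # Keep the answer in a lexical instead of clobbering the global $_.
    # readline() yields undef at end-of-input; treat that as "no" instead of
    # matching against an undefined value.
    my $answer = $rl->readline("Do you meet these conditions? (y/n) ");
    unless (defined $answer && $answer =~ /^y/i) {
        print "Please restart the script when you meet these conditions.\n";
        exit(1);
    }
    # $> is the effective user id.
    if ($> != 0) {
        die "This script should almost always be run as root.  Use the\n"
            . "--requirements-met option to run as non-root.\n";
    }
}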

# Get configuration information we need.
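# Read the cell name from the first line of ThisCell.  Three-argument open
# with a lexical handle replaces the bareword, two-argument form.
open(my $cell_fh, '<', "/etc/openafs/server/ThisCell")
    or die "Unable to find out what cell this machine serves: $!\n";
my $cell = <$cell_fh>;
close $cell_fh;
die "/etc/openafs/server/ThisCell is empty.\n" unless defined $cell;
chomp $cell;
$cell =~ s/^\s+|\s+$//g;

# $cell is later interpolated into command strings and /afs paths, so accept
# only the characters a cell name is expected to use (letters, digits, '.',
# '_', '-') and require an alphanumeric first character so it can never be
# read as an option or as "." / "..".
unless ($cell =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/) {
    die "Cell name in /etc/openafs/server/ThisCell contains unexpected"
        . " characters.\n";
}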

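# Determine the target server and partition, prompting for whichever was not
# supplied on the command line.
unless ($server) {
    print <<eotext;

You will need to select a server (hostname) and AFS partition on which to
create the root volumes.

eotext

    $server = $rl->readline("What AFS Server should volumes be placed on? ");
}
# readline() returns undef at end-of-input.
$server = '' unless defined $server;
$server =~ s/^\s+|\s+$//g;
die "Please select a server.\n" unless $server;

unless ($part) {
    $part = $rl->readline("What partition? [a] ");
}
$part = '' unless defined $part;
$part =~ s/^\s+|\s+$//g;
$part = "a" unless $part;

# Both values are spliced into "vos ..." command strings that run with
# -localauth, so validate them against an allowlist before first use.  A
# stray space, ';' or leading '-' would otherwise change the command that is
# executed.  NOTE(review): the partition pattern is meant to admit "a",
# "vicepa" and "/vicepa"; widen it if other spellings are in use locally.
unless ($server =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/) {
    die "Server name '$server' contains unexpected characters.\n";
}
unless ($part =~ m{\A/?[A-Za-z0-9]+\z}) {
    die "Partition '$part' contains unexpected characters.\n";
}
print "\n";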

# Make sure the user has tokens.  Forgetting to do this is a common error.
# grep exits non-zero when the output of `tokens` has no line containing
# "Expires"; the script takes that to mean no tokens are held.
# NOTE(review): `tokens` and `grep` are both resolved through $PATH by the
# shell, so the result depends on the environment this script is started in.
my $status = system("tokens | grep Expires > /dev/null");
unless ($status == 0) {
    die join('',
        "You appear to not have AFS tokens.  Obtain tokens (with aklog,\n",
        "for example) and then run this script again.\n");
}

# Figure out where root.afs is.  There are two possibilities: either we aren't
# running with dynroot, and root.afs is therefore accessible as /afs, or we
# are running with dynroot, in which case we have to create root.cell first
# and then mount root.afs under it.
#
# Always create root.cell first; we may need it if running with dynroot, and
# it doesn't hurt to do it now regardless.
# Path through which root.afs is edited; replaced below when dynroot is on.
my $rootmnt = "/afs";
# Create root.cell and queue its removal for rollback.  -localauth has vos
# authenticate with the server's local key rather than the caller's tokens.
run("vos create $server $part root.cell -localauth");
unwind("vos remove $server $part root.cell -localauth");
# If /afs/<cell>/ already resolves to a directory, treat the client as
# running with dynroot (see the comment block above).
my $dynroot = (-d "$rootmnt/$cell/.");
if ($dynroot) {
    # Temporary read/write mount of root.afs inside the cell directory; the
    # script removes it again near the end when $dynroot is set.
    run("fs mkm /afs/$cell/.root.afs root.afs -rw");
    unwind("fs rmm /afs/$cell/.root.afs");
    $rootmnt = "/afs/$cell/.root.afs";
}
# Grants read and lookup ("rl") on the root of the namespace to
# system:anyuser, which in AFS includes unauthenticated users.
run("fs sa $rootmnt system:anyuser rl");

# Scan CellServDB and create the cell mount points for every cell found there.
# Force these commands to succeed, since it's possible to end up with
# duplicate entries in CellServDB (and the second fs mkm will fail).
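# Three-argument open with a lexical handle; the handle is closed once the
# scan is done (the original left it open for the rest of the run).
open(my $cellservdb_fh, '<', "/etc/openafs/CellServDB")
    or die "Unable to open /etc/openafs/CellServDB: $!\n";
while (my $line = <$cellservdb_fh>) {
    chomp $line;
    # Lines that start with '>' introduce a cell.  The capture is an
    # allowlist: it is the only thing keeping file content out of the
    # command strings below.  The first character must be alphanumeric so
    # that an entry can never be taken as an option (leading '-') or resolve
    # to "." / ".." under $rootmnt.
    if ($line =~ /^>\s*([a-z0-9][a-z0-9_\-.]*)/) {
        my $name = $1;
        run("fs mkm $rootmnt/$name root.cell -cell $name -fast || true");
        unwind("fs rmm $rootmnt/$name || true");
    }
}
close $cellservdb_fh;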

# Now, create the read/write mount points for root.cell and root.afs and set
# root.cell system:anyuser read.
# Open the local cell's root to system:anyuser (read/lookup), then add the
# read/write mount points.  Each mount is paired with the command that
# removes it, queued straight after the mount is made.
run("fs sa /afs/$cell system:anyuser rl");
for my $step (
    [ "fs mkm $rootmnt/.$cell root.cell -cell $cell -rw",
      "fs rmm $rootmnt/.$cell" ],
    [ "fs mkm $rootmnt/.root.afs root.afs -rw",
      "fs rmm $rootmnt/.root.afs" ],
) {
    my ($command, $rollback) = @$step;
    run($command);
    unwind($rollback);
}

# Create the user and service mount point volumes to fit the semi-standard AFS
# cell layout.
# One volume per top-level directory of the cell, each mounted under
# /afs/<cell>/ with the same name as the volume.
for my $vol (qw(user service)) {
    mkvol($vol, "/afs/$cell/$vol");
}

# Strip the domain off of the cell name and create the short symlinks.
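# Take the label before the first '.' straight from the match result.  The
# original read $1 without checking that the match succeeded, which can pick
# up a stale capture; here a failed match leaves $cellpart undefined and the
# symlinks are skipped.
my ($cellpart) = $cell =~ /^([^.]+)/;
if ($cellpart && $cellpart ne $cell) {
    # Short name -> read-only path, and dotted short name -> read/write
    # path, each with its removal queued for rollback.
    run("ln -s $cell $rootmnt/$cellpart");
    unwind("rm $rootmnt/$cellpart");
    run("ln -s .$cell $rootmnt/.$cellpart");
    unwind("rm $rootmnt/.$cellpart");
}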
# With dynroot, root.afs was edited through a temporary mount inside the cell
# directory; drop that mount now that the edits are done.
if ($dynroot) {
    run("fs rmm /afs/$cell/.root.afs");
    # Queue re-creation of the mount.  The END block pops @unwinds from the
    # end, so on rollback this would run before the earlier entries that
    # operate on paths below the temporary mount -- presumably that is the
    # intent; confirm against unwind() in ConfigUtils.
    unwind("fs mkm /afs/$cell/.root.afs root.afs -rw");
}

# Now, replicate the infrastructure volumes.
# Define a read-only site for each root volume on the same server/partition,
# then release both so the read-only copies are created.
run("vos addsite $server $part root.afs -localauth");
run("vos addsite $server $part root.cell -localauth");
run("vos release root.afs -localauth");
run("vos release root.cell -localauth");
# NOTE(review): these two entries are queued only after both releases were
# issued, and @unwinds is emptied right below with nothing in between that
# can fail, so as far as this file shows they never run.  If run() aborts on
# failure, an error during addsite/release rolls back without removing a
# read-only copy that was already released -- confirm whether that is
# intended.
unwind("vos remove $server $part root.cell.readonly -localauth");
unwind("vos remove $server $part root.afs.readonly -localauth");

# Success: empty the rollback queue so the END block has nothing to undo.
@unwinds = ();

# If we fail before all the instances are created, we need to back out of
# everything we did as much as possible.
END {
    # Runs at interpreter exit.  A non-empty @unwinds means the script
    # stopped before clearing the queue, so report the failure and replay
    # the queued commands newest-first.
    print "\nRoot volume setup failed, ABORTING\n" if @unwinds;
    while (@unwinds) {
        my $rollback = pop @unwinds;
        run($rollback);
    }
}