Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!ucbvax!PAN.SSEC.HONEYWELL.COM!thompson
From: thompson@PAN.SSEC.HONEYWELL.COM (John Thompson)
Newsgroups: comp.sys.apollo
Subject: re: Diskless boot control
Message-ID: <9102140001.AA29016@pan.ssec.honeywell.com>
Date: 14 Feb 91 00:01:28 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 38

> First a brief description of diskless node booting ...
> In order to boot a diskless machine, the partner machine must be running
> /sys/net/netman. "netman" only handles booting requests. After the diskless
> .... It may get drafted into booting service whether or not it likes it!

True. See pp 3-39 and 3-40 in _Managing_Aegis_System_Software_ (010852-A00).

> Now there used to be a way to control this in a very general method ...
> prior to SR10.0, ACL's not only had a user, group, and project field ...
> they also had a 4th field which was the node ID! Thus, file access could
> be restricted (or allowed) according to the node which requested access
> to the file. Presumably you could have ACL'd the /sauN directory according
> to which nodes you wanted to allow to boot from each partner.

Well, you can't set it up quite as flexibly as sr9 allowed you to for
node-access, but there is a '-lao' (and '-nolao') switch on edacl.
(There's an equivalent switch in chacl, Unix fans.) This switch prevents
the object from being opened by a remote node. I personally vote against
this sort of thing, because I like the wide-open network of disks concept
(although I still protect the system software....) Setting the /sauX
directory to local-access only would prevent ANY node from booting
diskless off it. You wouldn't be able to allow node 1234 and 5678 access,
but no-one else.

> Now as to what you can do under SR10.x ... one thing comes to mind ...
> When "netman" services a boot request it executes /sys/net/netman.rc,
> which is a link to either "netman.bin_sh" or "netman.com_sh". These
> shell scripts set up the /sys/node_data.NODE_ID directory for the
> diskless node. One of the arguments to the shell script is the node ID
> of the diskless node. You could edit the shell script to explicitly....

I'd do it in the script, if I were you.

-- jt --
John Thompson
Honeywell, SSEC
Plymouth, MN 55441
thompson@pan.ssec.honeyweywell.com

Me? Represent Honeywell? You've GOT to be kidding!!!
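
Added example, not part of the original post and not Apollo's own netman.rc: a Bourne-shell node-ID allowlist check of the kind the script edit discussed above would need, so that nodes such as 1234 and 5678 can be permitted and all others refused. The position of the node ID argument, the allowlist file format and path, and the idea that the script refuses by exiting non-zero are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the post): gate a boot-setup script on a node-ID
# allowlist. Node IDs are treated as hex strings; that is an assumption.

# Print the canonical form of a node ID (lower-case, no leading zeros).
# Returns 1 if the value is empty or contains non-hex characters.
normalize_node_id() {
    id=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$id" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    while [ "${#id}" -gt 1 ] && [ "${id#0}" != "$id" ]; do
        id=${id#0}
    done
    printf '%s\n' "$id"
}

# node_allowed NODE_ID ALLOWLIST_FILE
# Status: 0 listed, 1 not listed, 2 malformed node ID, 3 list unreadable.
# File format (constructed for this example): one node ID per line,
# '#' starts a comment, blank lines ignored.
node_allowed() {
    want=$(normalize_node_id "$1") || return 2
    [ -r "$2" ] || return 3          # fail closed if the list is missing
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')       # drop whitespace
        [ -n "$line" ] || continue
        have=$(normalize_node_id "$line") || continue     # skip bad entries
        if [ "$have" = "$want" ]; then
            return 0
        fi
    done < "$2"
    return 1
}

# Hypothetical use near the top of the script, assuming the node ID is "$1"
# and /sys/net/boot_allow is a path chosen for this example:
#   node_allowed "$1" /sys/net/boot_allow || exit 1
```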