[OpenAFS] ACLs not working on afs volumes! Help!
matt cocker
matt@cs.auckland.ac.nz
Thu, 19 Aug 2004 10:56:03 +1200
Hi
We are having a weird problem with some afs volumes in that if a user
has had admin access to a volume and we remove admin access from the acl
list for that user (or remove the user from the acl list completely) the
user can just add themselves back. Is this intended behavior?
All our user volumes are prefixed with user. i.e. user.username
We have tested other volumes but it only seems to be volumes the user
has had full access to.
The problem (same for Linux and Windows)
$ fs listacl /afs/ec.auckland.ac.nz/users/t/ctcoc006
Access list for tcoc006 is
$ fs listacl /afs/.ec.auckland.ac.nz/users/t/c/tcoc006
Access list for /afs/.ec.auckland.ac.nz/users/t/c/tcoc006 is
$ ls /afs/ec.auckland.ac.nz/users/t/ctcoc006
ls: tcoc006: Permission denied
$ fs setacl -dir /afs/ec.auckland.ac.nz/users/t/c/tcoc006 -acl tcoc006 all
$ fs listacl /afs/.ec.auckland.ac.nz/users/t/c/tcoc006
Access list for /afs/.ec.auckland.ac.nz/users/t/c/tcoc006 is
Normal rights:
tcoc006 rlidwka
$ fs listacl /afs/ec.auckland.ac.nz/users/t/c/tcoc006
Access list for tcoc006 is
Normal rights:
tcoc006 rlidwka
We are looking into other affected volumes but at the moment I just want
to know if we have misunderstood how acls work but users can't even
view the acls of volume mount points that they don't have acl entries for
i.e.
fs: You don't have the required access rights on 'tcle012'
Access list for tcoc006 is
Confused
Cheers
Matt