[OpenAFS] Openafs broken on Ubuntu Hardy ?
Madhusudan Singh
singh.madhusudan@gmail.com
Tue, 14 Oct 2008 11:52:37 -0700
------=_Part_12943_30464195.1224010357707
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hello,
Thanks for your response.
On Mon, Oct 13, 2008 at 4:33 PM, Stefan Pohl <pohl@syssoft.uni-trier.de>wrote:
> Hi,
>
>
>> I am running the latest versions of openafs-modules-source, openafs-client
>> and openafs-krb5 on an up to date installation of Ubuntu Hardy. I used
>> modules-assistant to compile the kernel module against my kernel :
>> $ uname -r
>> 2.6.24-21-generic
>>
>> $ sudo apt-cache policy openafs-client
>> openafs-client:
>> Installed: 1.4.6.dfsg1-2
>> Candidate: 1.4.6.dfsg1-2
>> Version table:
>> *** 1.4.6.dfsg1-2 0
>> 500 http://us.archive.ubuntu.com hardy/universe Packages
>> 100 /var/lib/dpkg/status
>> $ sudo apt-cache policy openafs-modules-source
>> openafs-modules-source:
>> Installed: 1.4.6.dfsg1-2
>> Candidate: 1.4.6.dfsg1-2
>> Version table:
>> *** 1.4.6.dfsg1-2 0
>> 500 http://us.archive.ubuntu.com hardy/universe Packages
>> 100 /var/lib/dpkg/status
>>
>> $ sudo apt-cache policy openafs-krb5
>> openafs-krb5:
>> Installed: 1.4.6.dfsg1-2
>> Candidate: 1.4.6.dfsg1-2
>> Version table:
>> *** 1.4.6.dfsg1-2 0
>> 500 http://us.archive.ubuntu.com hardy/universe Packages
>> 100 /var/lib/dpkg/status
>>
> I just completed an OpenAFS-client test setup on Ubuntu Hardy. Same
> versions of the Openafs-stuff, slightly older kernel (2.6.24-19-generic) and
> it works. So it's not broken on Ubuntu Hardy as such.
Ok. That gives me hope.
>
>
>
>>
>> :$ cd /afs/YYY.edu/users/X/Y/Z/XYZABC
>> bash: cd: /afs/YYY.edu/users/X/Y/Z/XYZABC: Permission denied
>>
> This look like the user you authenticate as, simply doesn't have the
> required permissions to access the directory.
Impossible. I can ssh into the server with the same username and password
without any issues. I use rsync to do regular (every 1 hour) backups to this
directory ( a process that is cumbersome, which is why I am looking to set
up my openafs client).
Someone else on the list asked me for the results of fs listacl etc.
I can cd to /afs/YYY.EDU/users/X/Y/Z and all its parents perfectly well. I
can issue ls and see what is present.
o/p of fs listacl at the above level (which is one level above my own
directory) :
$ fs listacl
Access list for . is
Normal rights:
systems:backup rl
system:administrators rlidwka
system:anyuser rl
I cannot cd into my own directory, so I ssh'ed into the server and issued fs
listacl :
$ fs listacl
Access list for . is
Normal rights:
systems:backup rl
www-hosts l
system:administrators rlidwka
XYZABC rlidwka
>
>
>> I have previously successfully authenticated to this cell with an older
>> version of openafs (it was a year ago, do not remember which).
>>
> If you could access the directory a year ago, maybe the acls of the
> directory got changed in the meantime. Is your user the owner of the
> directory? Can you access the directories above that directory?
>
The owner of all directories under /afs/YYY.EDU/users/X/Y/Z is root.root
(tested both through the local /afs tree and by ssh'ing to the server and
doing a cd ..). I do not recall what this was when things were working fine
(never needed to check), but is this normal (sounds fishy) ? In a different
cell, a long time ago, I seem to vaguely recall that the directory was owned
by the user in question. To test if this was messing up things, I cd'ed to
/afs/YYY.EDU/users/X/Y/Z/XYZABC and issued a command :
$ cd XYZABC/Private
bash: cd: XYZABC/Private: Permission denied
This is more nonsense as ~/Private holds my backups :) Maybe the fact that I
do not own /afs/YYY.EDU/users/X/Y/Z/XYZABC is shortcircuiting that command.
The owner of all files inside /afs/YYY.EDU/users/X/Y/Z/XYZABC is obviously
XYZABC.
With regards.
------=_Part_12943_30464195.1224010357707
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
<div dir="ltr">Hello,<br><br>Thanks for your response.<br><br><div class="gmail_quote">On Mon, Oct 13, 2008 at 4:33 PM, Stefan Pohl <span dir="ltr"><<a href="mailto:pohl@syssoft.uni-trier.de">pohl@syssoft.uni-trier.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br>
<br><div><div class="Wj3C7c"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
I am running the latest versions of openafs-modules-source, openafs-client and openafs-krb5 on an up to date installation of Ubuntu Hardy. I used modules-assistant to compile the kernel module against my kernel :<br>
$ uname -r<br>
2.6.24-21-generic<br>
<br>
$ sudo apt-cache policy openafs-client<br>
openafs-client:<br>
Installed: 1.4.6.dfsg1-2<br>
Candidate: 1.4.6.dfsg1-2<br>
Version table:<br>
*** 1.4.6.dfsg1-2 0<br>
500 <a href="http://us.archive.ubuntu.com" target="_blank">http://us.archive.ubuntu.com</a> hardy/universe Packages<br>
100 /var/lib/dpkg/status<br>
$ sudo apt-cache policy openafs-modules-source<br>
openafs-modules-source:<br>
Installed: 1.4.6.dfsg1-2<br>
Candidate: 1.4.6.dfsg1-2<br>
Version table:<br>
*** 1.4.6.dfsg1-2 0<br>
500 <a href="http://us.archive.ubuntu.com" target="_blank">http://us.archive.ubuntu.com</a> hardy/universe Packages<br>
100 /var/lib/dpkg/status<br>
<br>
$ sudo apt-cache policy openafs-krb5<br>
openafs-krb5:<br>
Installed: 1.4.6.dfsg1-2<br>
Candidate: 1.4.6.dfsg1-2<br>
Version table:<br>
*** 1.4.6.dfsg1-2 0<br>
500 <a href="http://us.archive.ubuntu.com" target="_blank">http://us.archive.ubuntu.com</a> hardy/universe Packages<br>
100 /var/lib/dpkg/status<br>
</blockquote></div></div>
I just completed an OpenAFS-client test setup on Ubuntu Hardy. Same versions of the Openafs-stuff, slightly older kernel (2.6.24-19-generic) and it works. So it's not broken on Ubuntu Hardy as such.</blockquote><div>
<br>Ok. That gives me hope.<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br><div class="Ih2E3d"><br>
:$ cd /afs/YYY.edu/users/X/Y/Z/XYZABC<br>
bash: cd: /afs/YYY.edu/users/X/Y/Z/XYZABC: Permission denied<br>
</div></blockquote>
This look like the user you authenticate as, simply doesn't have the required permissions to access the directory.</blockquote><div><br>Impossible. I can ssh into the server with the same username and password without any issues. I use rsync to do regular (every 1 hour) backups to this directory ( a process that is cumbersome, which is why I am looking to set up my openafs client).<br>
<br>Someone else on the list asked me for the results of fs listacl etc.<br><br>I can cd to /afs/<a href="http://YYY.EDU/users/X/Y/Z">YYY.EDU/users/X/Y/Z</a> and all its parents perfectly well. I can issue ls and see what is present.<br>
<br>o/p of fs listacl at the above level (which is one level above my own directory) :<br><br>$ fs listacl<br>Access list for . is<br>Normal rights:<br> systems:backup rl<br> system:administrators rlidwka<br> system:anyuser rl<br>
<br>I cannot cd into my own directory, so I ssh'ed into the server and issued fs listacl :<br><br><br> $ fs listacl<br>Access list for . is<br>Normal rights:<br> systems:backup rl<br> www-hosts l<br> system:administrators rlidwka<br>
XYZABC rlidwka<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
I have previously successfully authenticated to this cell with an older version of openafs (it was a year ago, do not remember which).<br>
</blockquote></div>
If you could access the directory a year ago, maybe the acls of the directory got changed in the meantime. Is your user the owner of the directory? Can you access the directories above that directory?<div class="Ih2E3d">
</div></blockquote><div><br>The owner of all directories under /afs/<a href="http://YYY.EDU/users/X/Y/Z">YYY.EDU/users/X/Y/Z</a> is root.root (tested both through the local /afs tree and by ssh'ing to the server and doing a cd ..). I do not recall what this was when things were working fine (never needed to check), but is this normal (sounds fishy) ? In a different cell, a long time ago, I seem to vaguely recall that the directory was owned by the user in question. To test if this was messing up things, I cd'ed to /afs/<a href="http://YYY.EDU/users/X/Y/Z/XYZABC">YYY.EDU/users/X/Y/Z/XYZABC</a> and issued a command : <br>
<br>$ cd XYZABC/Private<br>bash: cd: XYZABC/Private: Permission denied<br><br>This is more nonsense as ~/Private holds my backups :) Maybe the fact that I do not own /afs/<a href="http://YYY.EDU/users/X/Y/Z/XYZABC">YYY.EDU/users/X/Y/Z/XYZABC</a> is shortcircuiting that command.<br>
<br>The owner of all files inside /afs/<a href="http://YYY.EDU/users/X/Y/Z/XYZABC">YYY.EDU/users/X/Y/Z/XYZABC</a> is obviously XYZABC.<br><br>With regards.<br></div></div></div>
------=_Part_12943_30464195.1224010357707--