[OpenAFS] Openafs broken on Ubuntu Hardy ?

Madhusudan Singh singh.madhusudan@gmail.com
Tue, 14 Oct 2008 11:52:37 -0700


------=_Part_12943_30464195.1224010357707
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello,

Thanks for your response.

On Mon, Oct 13, 2008 at 4:33 PM, Stefan Pohl <pohl@syssoft.uni-trier.de>wrote:

> Hi,
>
>
>> I am running the latest versions of openafs-modules-source, openafs-client
>> and openafs-krb5 on an up to date installation of Ubuntu Hardy. I used
>> modules-assistant to compile the kernel module against my kernel :
>> $ uname -r
>> 2.6.24-21-generic
>>
>> $ sudo apt-cache policy openafs-client
>> openafs-client:
>>  Installed: 1.4.6.dfsg1-2
>>  Candidate: 1.4.6.dfsg1-2
>>  Version table:
>>  *** 1.4.6.dfsg1-2 0
>>        500 http://us.archive.ubuntu.com hardy/universe Packages
>>        100 /var/lib/dpkg/status
>> $ sudo apt-cache policy openafs-modules-source
>> openafs-modules-source:
>>  Installed: 1.4.6.dfsg1-2
>>  Candidate: 1.4.6.dfsg1-2
>>  Version table:
>>  *** 1.4.6.dfsg1-2 0
>>        500 http://us.archive.ubuntu.com hardy/universe Packages
>>        100 /var/lib/dpkg/status
>>
>> $ sudo apt-cache policy openafs-krb5
>> openafs-krb5:
>>  Installed: 1.4.6.dfsg1-2
>>  Candidate: 1.4.6.dfsg1-2
>>  Version table:
>>  *** 1.4.6.dfsg1-2 0
>>        500 http://us.archive.ubuntu.com hardy/universe Packages
>>        100 /var/lib/dpkg/status
>>
> I just completed an OpenAFS-client test setup on Ubuntu Hardy. Same
> versions of the Openafs-stuff, slightly older kernel (2.6.24-19-generic) and
> it works. So it's not broken on Ubuntu Hardy as such.


Ok. That gives me hope.


>
>
>
>>
>> :$ cd /afs/YYY.edu/users/X/Y/Z/XYZABC
>> bash: cd: /afs/YYY.edu/users/X/Y/Z/XYZABC: Permission denied
>>
> This look like the user you authenticate as, simply doesn't have the
> required permissions to access the directory.


Impossible. I can ssh into the server with the same username and password
without any issues. I use rsync to do regular (every 1 hour) backups to this
directory ( a process that is cumbersome, which is why I am looking to set
up my openafs client).

Someone else on the list asked me for the results of fs listacl etc.

I can cd to /afs/YYY.EDU/users/X/Y/Z and all its parents perfectly well. I
can issue ls and see what is present.

o/p of fs listacl at the above level (which is one level above my own
directory) :

$ fs listacl
Access list for . is
Normal rights:
  systems:backup rl
  system:administrators rlidwka
  system:anyuser rl

I cannot cd into my own directory, so I ssh'ed into the server and issued fs
listacl :


  $ fs listacl
Access list for . is
Normal rights:
  systems:backup rl
  www-hosts l
  system:administrators rlidwka
  XYZABC rlidwka


>
>
>> I have previously successfully authenticated to this cell with an older
>> version of openafs (it was a year ago, do not remember which).
>>
> If you could access the directory a year ago, maybe the acls of the
> directory got changed in the meantime. Is your user the owner of the
> directory? Can you access the directories above that directory?
>

The owner of all directories under /afs/YYY.EDU/users/X/Y/Z is root.root
(tested both through the local /afs tree and by ssh'ing to the server and
doing a cd ..). I do not recall what this was when things were working fine
(never needed to check), but is this normal (sounds fishy) ? In a different
cell, a long time ago, I seem to vaguely recall that the directory was owned
by the user in question. To test if this was messing up things, I cd'ed to
/afs/YYY.EDU/users/X/Y/Z/XYZABC and issued a command :

$ cd XYZABC/Private
bash: cd: XYZABC/Private: Permission denied

This is more nonsense as ~/Private holds my backups :) Maybe the fact that I
do not own /afs/YYY.EDU/users/X/Y/Z/XYZABC is shortcircuiting that command.

The owner of all files inside /afs/YYY.EDU/users/X/Y/Z/XYZABC is obviously
XYZABC.

With regards.

------=_Part_12943_30464195.1224010357707
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div dir="ltr">Hello,<br><br>Thanks for your response.<br><br><div class="gmail_quote">On Mon, Oct 13, 2008 at 4:33 PM, Stefan Pohl <span dir="ltr">&lt;<a href="mailto:pohl@syssoft.uni-trier.de">pohl@syssoft.uni-trier.de</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br>
<br><div><div class="Wj3C7c"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
I am running the latest versions of openafs-modules-source, openafs-client and openafs-krb5 on an up to date installation of Ubuntu Hardy. I used modules-assistant to compile the kernel module against my kernel :<br>
$ uname -r<br>
2.6.24-21-generic<br>
<br>
$ sudo apt-cache policy openafs-client<br>
openafs-client:<br>
 &nbsp;Installed: 1.4.6.dfsg1-2<br>
 &nbsp;Candidate: 1.4.6.dfsg1-2<br>
 &nbsp;Version table:<br>
&nbsp;*** 1.4.6.dfsg1-2 0<br>
 &nbsp; &nbsp; &nbsp; &nbsp;500 <a href="http://us.archive.ubuntu.com" target="_blank">http://us.archive.ubuntu.com</a> hardy/universe Packages<br>
 &nbsp; &nbsp; &nbsp; &nbsp;100 /var/lib/dpkg/status<br>
$ sudo apt-cache policy openafs-modules-source<br>
openafs-modules-source:<br>
 &nbsp;Installed: 1.4.6.dfsg1-2<br>
 &nbsp;Candidate: 1.4.6.dfsg1-2<br>
 &nbsp;Version table:<br>
&nbsp;*** 1.4.6.dfsg1-2 0<br>
 &nbsp; &nbsp; &nbsp; &nbsp;500 <a href="http://us.archive.ubuntu.com" target="_blank">http://us.archive.ubuntu.com</a> hardy/universe Packages<br>
 &nbsp; &nbsp; &nbsp; &nbsp;100 /var/lib/dpkg/status<br>
<br>
$ sudo apt-cache policy openafs-krb5<br>
openafs-krb5:<br>
 &nbsp;Installed: 1.4.6.dfsg1-2<br>
 &nbsp;Candidate: 1.4.6.dfsg1-2<br>
 &nbsp;Version table:<br>
&nbsp;*** 1.4.6.dfsg1-2 0<br>
 &nbsp; &nbsp; &nbsp; &nbsp;500 <a href="http://us.archive.ubuntu.com" target="_blank">http://us.archive.ubuntu.com</a> hardy/universe Packages<br>
 &nbsp; &nbsp; &nbsp; &nbsp;100 /var/lib/dpkg/status<br>
</blockquote></div></div>
I just completed an OpenAFS-client test setup on Ubuntu Hardy. Same versions of the Openafs-stuff, slightly older kernel (2.6.24-19-generic) and it works. So it&#39;s not broken on Ubuntu Hardy as such.</blockquote><div>
<br>Ok. That gives me hope.<br>&nbsp;<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br><div class="Ih2E3d"><br>
:$ cd /afs/YYY.edu/users/X/Y/Z/XYZABC<br>
bash: cd: /afs/YYY.edu/users/X/Y/Z/XYZABC: Permission denied<br>
</div></blockquote>
This look like the user you authenticate as, simply doesn&#39;t have the required permissions to access the directory.</blockquote><div><br>Impossible. I can ssh into the server with the same username and password without any issues. I use rsync to do regular (every 1 hour) backups to this directory ( a process that is cumbersome, which is why I am looking to set up my openafs client).<br>
<br>Someone else on the list asked me for the results of fs listacl etc.<br><br>I can cd to /afs/<a href="http://YYY.EDU/users/X/Y/Z">YYY.EDU/users/X/Y/Z</a> and all its parents perfectly well. I can issue ls and see what is present.<br>
<br>o/p of fs listacl at the above level (which is one level above my own directory) :<br><br>$ fs listacl<br>Access list for . is<br>Normal rights:<br>&nbsp; systems:backup rl<br>&nbsp; system:administrators rlidwka<br>&nbsp; system:anyuser rl<br>
<br>I cannot cd into my own directory, so I ssh&#39;ed into the server and issued fs listacl :<br><br><br>&nbsp; $ fs listacl<br>Access list for . is<br>Normal rights:<br>&nbsp; systems:backup rl<br>&nbsp; www-hosts l<br>&nbsp; system:administrators rlidwka<br>
&nbsp; XYZABC rlidwka<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
I have previously successfully authenticated to this cell with an older version of openafs (it was a year ago, do not remember which).<br>
</blockquote></div>
If you could access the directory a year ago, maybe the acls of the directory got changed in the meantime. Is your user the owner of the directory? Can you access the directories above that directory?<div class="Ih2E3d">
</div></blockquote><div><br>The owner of all directories under /afs/<a href="http://YYY.EDU/users/X/Y/Z">YYY.EDU/users/X/Y/Z</a> is root.root (tested both through the local /afs tree and by ssh&#39;ing to the server and doing a cd ..). I do not recall what this was when things were working fine (never needed to check), but is this normal (sounds fishy) ? In a different cell, a long time ago, I seem to vaguely recall that the directory was owned by the user in question. To test if this was messing up things, I cd&#39;ed to /afs/<a href="http://YYY.EDU/users/X/Y/Z/XYZABC">YYY.EDU/users/X/Y/Z/XYZABC</a> and issued a command : <br>
<br>$ cd XYZABC/Private<br>bash: cd: XYZABC/Private: Permission denied<br><br>This is more nonsense as ~/Private holds my backups :) Maybe the fact that I do not own /afs/<a href="http://YYY.EDU/users/X/Y/Z/XYZABC">YYY.EDU/users/X/Y/Z/XYZABC</a> is shortcircuiting that command.<br>
&nbsp;<br>The owner of all files inside /afs/<a href="http://YYY.EDU/users/X/Y/Z/XYZABC">YYY.EDU/users/X/Y/Z/XYZABC</a> is obviously XYZABC.<br><br>With regards.<br></div></div></div>

------=_Part_12943_30464195.1224010357707--