[OpenAFS] Help: Client side permission denied when access the volume
Lee Eric
openlinuxsource@gmail.com
Fri, 10 Jun 2011 21:11:16 +0800
Hi all,
I created a user home dir at /afs/herdingcat.internal/home/huli and
this dir's UNIX permissions are listed below.
[root@server ~]# ls -l /afs/herdingcat.internal/home/
total 2
drwx------. 2 huli users 2048 Jun 9 04:52 huli
[root@server ~]# id huli
uid=501(huli) gid=100(users) groups=100(users)
And I also created the user "huli" and the group "users" by using the pts utility.
[root@server ~]# pts membership huli
Groups huli (id: 501) is a member of:
users
[root@server ~]# pts membership users
Members of users (id: -208) are:
huli
And what I want to accomplish is that the user "huli" can only access his
own home dir and can write files in his home dir. Here are the ACLs I
set in every dir.
[root@server ~]# fs listacl /afs
Access list for /afs is
Normal rights:
system:administrators rlidwka
[root@server ~]# fs listacl /afs/herdingcat.internal/
Access list for /afs/herdingcat.internal/ is
Normal rights:
system:administrators rlidwka
system:anyuser rl
[root@server ~]# fs listacl /afs/herdingcat.internal/home/
Access list for /afs/herdingcat.internal/home/ is
Normal rights:
users rl
system:administrators rlidwka
[root@server ~]# fs listacl /afs/herdingcat.internal/home/huli/
Access list for /afs/herdingcat.internal/home/huli/ is
Normal rights:
system:administrators rlidwka
huli rlidwk
And when the user "huli" gets the token I got permission in every dir.
[root@server ~]# kinit huli
Password for huli@HERDINGCAT.INTERNAL:
[root@server ~]# aklog -c herdingcat.internal -d
Authenticating to cell herdingcat.internal (server server.herdingcat.internal).
Trying to authenticate to user's realm HERDINGCAT.INTERNAL.
Getting tickets: afs/herdingcat.internal@HERDINGCAT.INTERNAL
Using Kerberos V5 ticket natively
About to resolve name huli to id in cell herdingcat.internal.
Id 501
Set username to AFS ID 501
Setting tokens. AFS ID 501 / @ HERDINGCAT.INTERNAL
[root@server ~]# tokens
Tokens held by the Cache Manager:
User's (AFS ID 501) tokens for afs@herdingcat.internal [Expires Jun 11 09:09]
--End of list--
[root@server ~]# ls /afs/
ls: cannot open directory /afs/: Permission denied
[root@server ~]# ls /afs/herdingcat.internal
ls: cannot access /afs/herdingcat.internal: Permission denied
[root@server ~]# ls /afs/herdingcat.internal/home
ls: cannot access /afs/herdingcat.internal/home: Permission denied
[root@server ~]# ls /afs/herdingcat.internal/home/huli
ls: cannot access /afs/herdingcat.internal/home/huli: Permission denied
So could anyone show me how to fix that problem? Thanks very much.
Regards,
Eric
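
As an added example (not part of the original post and not OpenAFS code), the Python below parses the `fs listacl` output quoted in the message and reports the first directory on the path where a set of identities lacks the AFS lookup (`l`) right. The function names and the `HULI` identity set are assumptions: the set models the user, the `users` group from the `pts membership` output, and the implicit `system:anyuser` and `system:authuser` groups.

```python
import re

# Constructed sample: the `fs listacl` output quoted in the post above.
LISTACL_OUTPUT = """\
Access list for /afs is
Normal rights:
system:administrators rlidwka
Access list for /afs/herdingcat.internal/ is
Normal rights:
system:administrators rlidwka
system:anyuser rl
Access list for /afs/herdingcat.internal/home/ is
Normal rights:
users rl
system:administrators rlidwka
Access list for /afs/herdingcat.internal/home/huli/ is
Normal rights:
system:administrators rlidwka
huli rlidwk
"""
# Assumption: huli's identities are the user, its pts group, and the implicit groups.
HULI = {"huli", "users", "system:anyuser", "system:authuser"}

def parse_listacl(text):
    """Return {directory: {"Normal": {principal: rights}, "Negative": {...}}}."""
    acls, current, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Access list for (\S+) is$", line)
        if m:
            current, section = m.group(1).rstrip("/") or "/", None
            acls[current] = {"Normal": {}, "Negative": {}}
        elif line in ("Normal rights:", "Negative rights:"):
            section = line.split()[0]
        elif current and section and line:
            principal, rights = line.split()
            acls[current][section][principal] = set(rights)
    return acls

def effective_rights(acl, ids):
    """Union of normal rights held via any identity, minus negative rights."""
    pick = lambda sec: set().union(*(r for p, r in acl[sec].items() if p in ids))
    return pick("Normal") - pick("Negative")

def first_blocked(acls, target, ids):
    """Walk listed directories from the root down; return the first lacking 'l'."""
    for d in sorted(acls, key=len):
        if (target == d or target.startswith(d + "/")) and "l" not in effective_rights(acls[d], ids):
            return d
    return None
```

For the pasted ACLs, `first_blocked(parse_listacl(LISTACL_OUTPUT), "/afs/herdingcat.internal/home/huli", HULI)` returns `/afs`, the directory whose ACL lists only `system:administrators`.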