[OpenAFS-devel] Problem with IP address based ACL?
Deon George
deon@wurley.net
Wed, 21 Jun 2006 16:40:35 +1000
I just want to check to see if I have set this up properly - and maybe
somebody can tell me why it fails sometimes?

I have set up an IP address based ACL - 10.1.1.3, and added that ACL to the
group servers:web.

On a directory, I have added "l" to the group servers:web (and below that
directory, I have granted read as well).

When I start the openafs-client, the host can successfully read the directory
unauthenticated (and the contents below it).

After some time, openafs refuses (unauthenticated) access - and a restart of
the openafs-client re-enables it.

Here is some info:
[root@router ~]# ls /afs/cell/home/gh/
ls: /afs/cell/home/gh/: Permission denied
[root@router ~]# klog admin
[root@router ~]# fs listacl /afs/cell/home/gh
Access list for /afs/cell/home/gh is
Normal rights:
server:web l
customers:gh rl
system:administrators rlidwka
[root@router ~]# fs getclientaddrs
10.1.1.3
[root@router ~]# pts membership server:web
Members of server:web (id: -1000) are:
10.1.1.3
10.1.1.197
Have I set this up correctly?
Why does afs refuse access to this directory after some time? What can I do to
stop that from happening?
--