[OpenAFS-devel] Problem with IP address based ACL?

Deon George deon@wurley.net
Wed, 21 Jun 2006 16:40:35 +1000


I just want to check to see if I have set this up properly - and maybe
somebody can tell me why it fails sometimes?

I have set up an IP address based ACL - 10.1.1.3, and added that ACL to the
group servers:web.

On a directory, I have added "l" to the group servers:web (and below that
directory, I have granted read as well).

When I start the openafs-client, the host can successfully read the directory
unauthenticated (and the contents below it).

After some time, openafs refuses (unauthenticated) access - and a restart of
the openafs-client re-enables it.

Here is some info:

[root@router ~]# ls /afs/cell/home/gh/
ls: /afs/cell/home/gh/: Permission denied

[root@router ~]# klog admin
[root@router ~]# fs listacl /afs/cell/home/gh
Access list for /afs/cell/home/gh is
Normal rights:
  server:web l
  customers:gh rl
  system:administrators rlidwka

[root@router ~]# fs getclientaddrs
10.1.1.3

[root@router ~]# pts membership server:web
Members of server:web (id: -1000) are:
  10.1.1.3
  10.1.1.197

Have I set this up correctly?

Why does afs refuse access to this directory after some time? What can I do to
stop that from happening?

--