[OpenAFS-devel] Re: Permission bug?

Markus Suvanto markus.suvanto@gmail.com
Thu, 21 Jan 2010 16:17:08 +0200 

2010/1/21 Harald Barth <haba@kth.se>:
>
> The combination with an insert only "drop" directory works here with
>
> ftpd from heimdal (0.7.2 or newer, tested with 0.7.2 and 1.1)
> afs client from openafs (1.4.0 or newer, tested up to 1.4.11)
> afs server from openafs (tested with various, up to 1.4.11)
>

> My guess is that your ftp server does not do the open/creat/write
> dance in a way that the afs client sees as "insert" (you don't
> want to grant "write" for obvious reasons).

Thanks, that was 50% of the problem:
 It seems that vsftpd-2.2.2 did not do the "open/create/write dance"
correctly but after downgrade version vsftpd-2.0.7 everything works
like before.

And finally I notice that the rest of the problem was openafs
client kernel module.

Gentoo ebuild don't support the lastest stable kernel yet so I have
cloned git://git.openafs.org/openafs.git
and use openafs-stable-1_4_x stable branch.

./regen
./configure
./make dest
cp  amd64_linux2/.../modload/libafs-2.6.32.3.mp.ko
/lib/modules/2.6.32.3/fs/openafs/libafs.ko


The latest git tree don't work.

commit 26ffbd3f1c07420796c772e821786cfa4bcc0bc5
Author: Simon Wilkinson <sxw@inf.ed.ac.uk>
Date:   Sat Jan 16 15:52:58 2010 +0000


I have not bisect where the regression is but
now I use version  below  and everything works.

commit 88fd7d0b93e20dca13ce51eb3556da6c6dd4d580
Author: Simon Wilkinson <sxw@inf.ed.ac.uk>
Date:   Wed Dec 23 13:29:54 2009 +0000

    Shout less about system call hooks when using keyrings

    When keyrings are in use, the user doesn't really care whether or
    not we manage to hook the system call table, and the current message
    has proved confusing, as it seems to indicate something has gone wrong.

    Tone down the warning that's produced when keyrings are in use. This is
    1.4.x only, as we're going to completely disable system call probes when
    keyrings are in use in 1.5.x

    FIXES 125215

    Change-Id: I60bbe852d11f2f0c9546b30c877f5ff27d05e7fb
    Reviewed-on: http://gerrit.openafs.org/1024
    Reviewed-by: Derrick Brashear <shadow@dementia.org>
    Tested-by: Derrick Brashear <shadow@dementia.org>



Example of using (88fd7d0b93e20dca13ce51eb3556da6c6dd4d580)

client 15:58 foo >fs la .
Access list for . is
Normal rights:
  masu li
client 15:58 foo >ls -lah
total 30M
drwxr-xr-x 2 masu users 2.0K Jan 21 14:34 .
drwxr-xr-x 4 masu users 2.0K Jan 21 15:56 ..
-rw-r--r-- 1 masu users  30M Jan 21 14:34 testfile


Example of using (not working) (26ffbd3f1c07420796c772e821786cfa4bcc0bc5)
client 15:56 foo >ls -lah
ls: cannot access testfile: Permission denied
total 4.0K
drwxr-xr-x 2 masu users 2.0K Jan 21 14:34 .
drwxr-xr-x 4 masu users 2.0K Jan 21 15:54 ..
?????????? ? ?    ?        ?            ? testfile

-Markus