[OpenAFS] Permission Question

Shyh-Wei Luan luan@almaden.ibm.com
Tue, 5 Feb 2002 13:25:45 -0800


Take a look at the "uss" command
(http://www.openafs.org/pages/doc/AdminReference/auarf242.htm#HDRUSS_INTRO)
for setting up users.

Attached is a code excerpt we have for our production cell's new user
registration.  It's Java issuing "pts", "kas", and "uss" commands.  You can
certainly do these in Perl.  Theoretically one should be able to "uss"
without "pts" and "kas" commands.  But we ran into some automation problems
using "uss" only.  Using "pts" and "kas" separately may also give you
better control of what was done.  The "uss" command here is used only for
volume and mount point creation for the user home directory.  You don't use
the "kas" command if you are using some Kerberos 5 setup.

Shyh-Wei Luan

The contents of /apache/conf/uss.template for the following code are:
V user.$USER afsserver1.almaden.ibm.com vicepb 50000 /afs/k56.almaden.ibm.com/u/$USER $UID $USER all

Sample user creation procedure:

    if (afs) {
      Log.status("    -CREATING AFS ACCOUNT");
      User admin = new User("admin", Config.AFS_KEY);
      UAFSAuthenticationMgrBean authMgr = new UAFSAuthenticationMgrBean(admin);

      String cmd;

      // 1. Protection Database entry for the new user.
      cmd = "pts createuser -name " + usr + " -cell " + Config.AFS_CELL;
      Log.status("Issuing pts createuser command.");
      if (!Utils.issueCommand(cmd, true)) return false;
      Log.status("Command output: " + statusMessage);

      // 2. Authentication Database entry. The new user's initial password (-i)
      //    and the admin password (-p) are passed on the command line.
      cmd = "kas create -name " + usr + " -i " + pwd + " -cell " + Config.AFS_CELL
          + " -a admin -p " + Config.AFS_KEY;
      Log.status("Issuing kas create command.");
      if (!Utils.issueCommand(cmd, true)) return false;
      Log.status("Command output: " + statusMessage);

      // 3. Home volume and mount point, driven by the uss template above.
      cmd = "uss add -user " + usr + " -cell " + Config.AFS_CELL
          + " -template /apache/conf/uss.template -verbose -skipauth";
      Log.status("Issuing uss add command.");
      if (!Utils.issueCommand(cmd, true)) return false;
      Log.status("Command output: " + statusMessage);
    }

Sent by:    openafs-info-admin@openafs.org

To:    "OpenAFS" <openafs-info@openafs.org>
cc:
Subject:    [OpenAFS] Permission Question



I have set up 1.2.2a from source and configured it according to the docs.
After a reboot, I now have both server and client running on the same box,
/afs is mounted but root can't get to it with error: permission denied.

I am using Kerberos that came with afs. Where is the user setup procedure to
add users to the system? I am a bit confused by the AFS Admin Guide: what is
the procedure for adding users?

I am also looking at going to a standard kerb release. Is perm setup
different then? (for now I just want the test to work though) What compile
options need to be set for that?

Thanks
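
The user creation procedure in the reply above builds each command by concatenating usr and pwd into one string. The following is an added example, not part of the original post or the poster's code: it builds the same three commands as argument lists, so a value containing spaces stays a single argument, and masks the passwords before logging (they are still process arguments, as in the post). The class name, the user name pattern, the leading '-' check and the sample values are assumptions.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class AfsUserCommands {
    // Assumed local naming policy (not from the post): lowercase, at most 8 characters.
    private static final Pattern USER = Pattern.compile("[a-z][a-z0-9_]{0,7}");

    // Reject empty values and values starting with '-', so none can be taken for a switch.
    static String value(String s) {
        if (s == null || s.isEmpty() || s.startsWith("-"))
            throw new IllegalArgumentException("rejected argument value");
        return s;
    }
    // The post's three commands, same order and switches, one token per list element.
    static List<List<String>> commands(String usr, String pwd, String cell, String adminKey) {
        if (usr == null || !USER.matcher(usr).matches())
            throw new IllegalArgumentException("rejected user name");
        return List.of(
            List.of("pts", "createuser", "-name", usr, "-cell", value(cell)),
            List.of("kas", "create", "-name", usr, "-i", value(pwd), "-cell", value(cell),
                    "-a", "admin", "-p", value(adminKey)),
            List.of("uss", "add", "-user", usr, "-cell", value(cell),
                    "-template", "/apache/conf/uss.template", "-verbose", "-skipauth"));
    }
    // Copy for logging, with the values after -i and -p masked.
    static List<String> redacted(List<String> argv) {
        List<String> out = new ArrayList<>(argv);
        for (int i = 0; i + 1 < out.size(); i++)
            if (out.get(i).equals("-i") || out.get(i).equals("-p")) out.set(i + 1, "********");
        return out;
    }
    // Runs one command with no shell and no re-splitting; logs only the redacted form.
    static boolean run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        String output = new String(p.getInputStream().readAllBytes());
        int rc = p.waitFor();
        System.out.println(redacted(argv) + " -> exit " + rc + "\n" + output);
        return rc == 0;
    }
    public static void main(String[] args) {
        // Constructed sample values; the commands are printed here, not executed.
        for (List<String> argv : commands("jdoe", "Initial pw 1", "k56.almaden.ibm.com", "ADMIN-KEY"))
            System.out.println(redacted(argv));
        try { commands("jdoe -cell other", "x", "k56.almaden.ibm.com", "ADMIN-KEY"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

To execute instead of print, pass each list from commands() to run() and stop at the first false, as the original procedure does.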


