[OpenAFS] AFS && Apache

Tino Schwarze tino.schwarze@informatik.tu-chemnitz.de
Wed, 15 May 2002 11:03:00 +0200


On Wed, May 15, 2002 at 10:46:52AM +0200, Turbo Fredriksson wrote:

>     Michael> Instead of IP-based ACLS, why not even give
>     Michael> system:anyuser rl on the web-volumes?  OK, you cannot
>     Michael> hide files from AFS-Users by creating public.html in each
>     Michael> directory.
> 
> That was the very first thing I did, didn't help... If you don't have
> a token, you can't enter AFS space at all (!?)

No, this is not the case. You can always access anything that
system:anyuser can access. There is also a system:authuser group which
corresponds to any user which is somehow authenticated (therefore has a
token).

> Naturally I tried adding 'system:anyuser rl' in all directories LEADING
> to the web volume (I'm now convinced that volumes is a good thing :)...

Try to read a file without a token at all - if this works, then you've
got some issue with your Apache configuration, not with AFS.

Bye, Tino.

-- 
             * LINUX - Where do you want to be tomorrow? *
                  http://www.tu-chemnitz.de/linux/tag/