[OpenAFS] ACL

Todd M. Lewis Todd_Lewis@unc.edu
Tue, 11 Mar 2003 07:21:44 -0500 

Enrico Pelletta wrote:
> Hi!
> 
> Is it the order of the operations so important? To me it seems to be a
> problem.
> I make a little test, and I saw you are right. By first creating the
> group with the users and then setting the ACL at the mount point
> everything works. However, if I add later a new user into the group,
> this new user will not get access to the volume!

Yes he will, but he'll have to klog again.  The reason is that group 
memberships are only looked up when you authenticate.  (Otherwise every 
operation would require all clients to reexamine their group 
memberships, and that would put a very heavy load on the PTserver.)

> Is this a bug or feature? :-) I mean, there is some kind reason to
> justify this behavior that I cannot see?
> 
> 	Enrico.
> 
> Klaas Hagemann wrote:
> 
>>Nelson,
>>
>>i think you did it the wrong way.
>>You have a volume and a mount-point, /afs/.../grpg, right?
>>Now you want to have 6 members having access on this volume/mount point.
>>So first create a pts group:
>>#pts creategroup <<group-name>>
>>then, add these 6 users to the group
>>#pts adduser nelsen <<group-name>>
>>#pts adduser xxxxxx <<group-name>>
>>....
>>
>>then give this group full access rights on the volume:
>>fs setacl /afs/../grpg <<group-name>> all
>>
>>It should work then, try it.
>>Klaas
>>
>>Nelson Chamba schrieb:
>>
>>>Hello,
>>>
>>>I got a problem with ACL.
>>>
>>>I created new *vol (h.grpg.vol)* and i wanna give rights to 6
>>>existent users.
>>>
>>>1 - I created a group and I gave full rights to all members.
>>>
>>>2 - I simply did: *(#fs setacl /afs/?/grpg nelson all, vasco all, xxxx
>>>all, yyyy all)*
>>>
>>>But when I get the token as *nelson* *or xxxxx *i can't create
>>>a folder, add doc?s or make something there, a message saying:
>>>*(M:\home\grpg is not accessible "Access Denied)** *appears.* *
>>>
>>>What maybe the problem because when I list the ACL it tell me that I got
>>>full rights so??..
>>>
>>>There are some tricks???.
>>>
>>>*Regards,*
>>>
>>>**
>>>*Nelson Chamba*
>>>Backup & AFS
>>>CSU - CIUEM
>>>Phone: (258-1) 492601/494752
>>>Cell: +258 82 391 721
>>>Web: http://www.csu.uem.mz <http://www.csu.uem.mz/>
>>>Maputo-Mozambique
>>>
>>>
>>
>>_______________________________________________
>>OpenAFS-info mailing list
>>OpenAFS-info@openafs.org
>>https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> 

-- 
    +-------------------------------------------------------------+
   /Todd_Lewis@unc.edu  919-962-5273  http://www.unc.edu/~utoddl /
  /[...an epiphany occurred while processing this directive...] /
+------------------------------------------------------------+