[OpenAFS] Reason for failing fs setacl/listacl /afs
Michael Hunger
mh14@inf.tu-dresden.de
Wed, 26 Mar 2003 13:47:04 +0100 (CET)
Dear list,
We have a problem granting rights, and even listing them, after setting up
OpenAFS with krb5.
I can get the afs tokens with:
server:/etc/krb5kdc# kinit admin; klist; aklog local -k MATHILDE; tokens
Password for admin@MATHILDE:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@MATHILDE
Valid starting Expires Service principal
03/26/03 13:33:41 03/26/03 23:33:32 krbtgt/MATHILDE@MATHILDE
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Tokens held by the Cache Manager:
User's (AFS ID 1) tokens for afs@local [Expires Mar 26 23:33]
--End of list--
The user admin is in system:administrators:
server:/etc/krb5kdc# pts membership admin -noauth
Groups admin (id: 1) is a member of:
system:administrators
But when performing fs setacl/listacl /afs we only get Permission denied:
server:/etc/krb5kdc# fs listacl /afs
fs: You don't have the required access rights on '/afs'
server:/etc/krb5kdc# fs setacl /afs l
fs: You don't have the required access rights on '/afs'
server:/etc/krb5kdc# fs setacl /afs al
fs: You don't have the required access rights on '/afs'
Is there any way to determine the reason for this problem, e.g. getting the
(I think) ptserver to list the available permissions (besides membership in
system:administrators) for being allowed to set/list ACLs on /afs, or any
other debugging information that allows us to find the missing link?
Perhaps the following information allows limiting the scope of your
search.
server:/etc/krb5kdc# pts examine admin -noauth
Name: admin, id: 1, owner: system:administrators, creator: anonymous,
membership: 1, flags: S----, group quota: unlimited.
server:/etc/krb5kdc# pts examine system:administrators -noauth
Name: system:administrators, id: -204, owner: system:administrators,
creator: system:administrators,
membership: 3, flags: S-M--, group quota: unlimited.
server:/etc/krb5kdc# bos status server
Instance ptserver, currently running normally.
Instance fs, currently running normally.
Auxiliary status is: file server running.
Instance vlserver, currently running normally.
server:/etc/krb5kdc# ps ax | grep "\(openafs\|krb\|bos\)"
6624 ? S 0:00 /usr/sbin/krb5kdc -4nopreauth
6626 ? S 0:00 /usr/sbin/krb524d -m
14137 ? S 0:00 /usr/sbin/bosserver
14138 ? S 0:00 /usr/lib/openafs/ptserver
14139 ? S< 0:00 /usr/lib/openafs/fileserver
14140 ? S 0:00 /usr/lib/openafs/volserver
14141 ? S 0:00 /usr/lib/openafs/vlserver
14142 ? S< 0:00 /usr/lib/openafs/fileserver
14143 ? S< 0:00 /usr/lib/openafs/fileserver
14144 ? S< 0:00 /usr/lib/openafs/fileserver
14145 ? S< 0:00 /usr/lib/openafs/fileserver
14146 ? S< 0:00 /usr/lib/openafs/fileserver
14147 ? S< 0:00 /usr/lib/openafs/fileserver
14148 ? S< 0:00 /usr/lib/openafs/fileserver
14149 ? S< 0:00 /usr/lib/openafs/fileserver
14150 ? S< 0:00 /usr/lib/openafs/fileserver
14151 ? S< 0:00 /usr/lib/openafs/fileserver
14152 ? S< 0:00 /usr/lib/openafs/fileserver
14153 ? S< 0:00 /usr/lib/openafs/fileserver
14154 ? S< 0:00 /usr/lib/openafs/fileserver
14155 ? S< 0:00 /usr/lib/openafs/fileserver
14156 ? S< 0:00 /usr/lib/openafs/fileserver
14157 ? S< 0:00 /usr/lib/openafs/fileserver
14158 ? S< 0:00 /usr/lib/openafs/fileserver
server:/etc/krb5kdc# bos listusers server
SUsers are: admin afs root@MATHILDE
server:/etc/krb5kdc# bos listkeys server -localauth
key 3 has cksum 2201216779
Keys last changed on Mon Mar 10 17:58:44 2003.
All done.
Thank you in advance
Michael Hunger