[OpenAFS] pts problem

Jeffrey Hutzelman jhutz@cmu.edu
Fri, 12 Sep 2003 13:13:18 -0400


On Tuesday, September 09, 2003 17:23:28 -0400 Derrick J Brashear 
<shadow@dementia.org> wrote:

> On Tue, 9 Sep 2003, Tim C. wrote:
>
>
>> Warning: Id hash for ceduc369 (id 32766) seems correct at the db;
>> rehashing it anyway
>> Failed to update entry ceduc369 (err=267269)
>>
>>   I've never seen the "Failed to update entry..." error before, and
>> neither has one of my colleagues familiar with afs.  This action used to
> translate_et 267269
> 267269 (pt).5 = Permission denied
>
> Guess: we fixed the pr debug interface to not let anyone read information
> from it, and ptclient was somehow using it for something for which it
> can't now.

That's not the issue here.  The changes we made close the debug interfaces 
to ordinary users, but they should still work for admins.

The problem here is this:
ptserver.h:#define      ANONYMOUSID     32766

ANONYMOUSID is the vice ID used for anonymous (unauthenticated) 
connections, both within the ptserver and elsewhere.  There is always an 
entry for this ID in the prdb; it may not be deleted, updated, or added to 
any groups.  Hence the (pt).5 error when trying to update this entry.  This 
ID is also used in certain cases to indicate a nonexistent user or 
missing/unused entry; thus, pts special cases it and will not display any 
output on attempts to examine this ID.

You do not want to give a user this ID.  Such a user would be 
indistinguishable to the fileserver and ptserver from an anonymous, 
unauthenticated user.  You probably also don't want to use this as 
someone's UNIX UID; some systems treat 32766 as a "nobody" ID for processes 
that should not have access to any user's files.  For these reasons, some 
sites I know of skipped over 32xxx entirely, jumping directly from 31999 to 
33000.

-- Jeff
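
A site-side check following the advice in this message, as an added example that is not part of the original post or of OpenAFS: it audits passwd(5)-style account lines for IDs that collide with ANONYMOUSID and picks the next ID to assign while jumping over the 32xxx block (31999 to 33000, as described above). The function names and the sample account lines are assumptions made for illustration.

```python
# Added example: constants mirror values quoted in the message above.
ANONYMOUSID = 32766               # from ptserver.h, as quoted in the message
SKIP_RANGE = range(32000, 33000)  # the "32xxx" block some sites skip entirely

# Constructed passwd(5)-style sample input; these are not real accounts.
SAMPLE_PASSWD = """\
alice:x:31998:100:Alice:/home/alice:/bin/sh
bob:x:31999:100:Bob:/home/bob:/bin/sh
ceduc369:x:32766:100:Student:/home/ceduc369:/bin/sh
broken line without fields
carol:x:32100:100:Carol:/home/carol:/bin/sh
"""

def parse_uids(passwd_text):
    """Return {name: uid} for well-formed passwd lines; skip malformed ones."""
    uids = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue
        uids[fields[0]] = int(fields[2])
    return uids

def audit(uids):
    """List accounts whose ID equals ANONYMOUSID or sits in the skipped block."""
    findings = []
    for name, uid in sorted(uids.items(), key=lambda kv: kv[1]):
        if uid == ANONYMOUSID:
            findings.append((name, uid, "collides with ANONYMOUSID"))
        elif uid in SKIP_RANGE:
            findings.append((name, uid, "inside skipped 32xxx block"))
    return findings

def next_free_id(uids, start):
    """Lowest unused ID >= start, jumping over the whole 32xxx block."""
    used = set(uids.values())
    candidate = start
    while candidate in used or candidate in SKIP_RANGE:
        # Leave the skipped block in one step; otherwise try the next ID.
        candidate = SKIP_RANGE.stop if candidate in SKIP_RANGE else candidate + 1
    return candidate

if __name__ == "__main__":
    accounts = parse_uids(SAMPLE_PASSWD)
    for name, uid, reason in audit(accounts):
        print(f"{name} (id {uid}): {reason}")
    print("next ID to assign:", next_free_id(accounts, 31998))
```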