[OpenAFS] can not change a backup or readonly volume

Lars Schimmer schimmer@cg.cs.tu-bs.de
Tue, 12 Apr 2005 19:59:34 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

First, please don´t produce TOFU, it´s really annoying to read the
answer before the question.

rc647bob@netscape.net schrieb:
| Sorry for the newbie questions.
| ------------------------------
|
| 1. I can obtain a token for the admin user but it may only be for the
client. Is the procedure different for a server token (win2k)?

What server token?
Servers doesn´t have got tokens. They just serv out the data to clients
which are authenticated to get these data.

| 2. I recreated the admin user with:
| bos adduser localhost admin -localauth

So localhost is a user for your AFS cell with admin rights.

| 3. I tried the following, but still get an error:
| vos create -server add.edu -partition /vicepe -cell .mycell.edu -name
add-afs
| vsu_ClientInit: Could not get afs tokens, running unauthenticated.
| Could not get an Id for volume add-afs
| VLDB: no permission access for call
| Error in vos create command.

Have you had a token for a admin user while performing that action?
Use the command tokens to check that.

I assume for some parts you´re on the wrong way with AFS.
AFS is a world wide filesystem. So there are servers for cells, and the
admin of the fileserver configure the servers who has access to the
data. Every AFS user could get access, every user of the cell the server
is in or just one specific user.
To obtain access to the data, the user must obtain a token, it doesn´t
care, on which AFS client the user works on, he just need to obtain a
token which set him the right to access that data on that fileserver.
E.G. cell a.b.c in europa and user foo in USA in cell d.e.f. If user foo
can obtain a token for cell a.b.c, he can get data from that cell. And
if he can obtain a admin token (be a admin user, user localadmin for
you), he can administer the cell d.e.f from his cell.
So, loose your view of "standalone servers" and view over the whole ;-)

Cya
Lars
- --
- -----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109            E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFCXAyGVguzrLh6DgMRAqoRAJsHvsFG/SFXiIUpzOCi5UQuYi+3dgCgse+N
KbIX7mxSlIb50g197r5DHkY=
=tGL2
-----END PGP SIGNATURE-----