[OpenAFS] correct usage of supergroups
Tue, 11 Oct 2005 01:03:11 +0200
I have some questions about supergroup functionality. I'd expected that
I can create the following:
Access list for /afs/.muse.net.nz/pub/images is
this mirrors how security is currently set up on a large windows
environment. it helps migrating the permissions via script & keeping the
existing controls of who can change permissions in place - users can
control the membership of groups, but not the permissions themselves.
and then have membership of each group as follows:
$ pts mem admin:images
Members of admin:images (id: -212) are:
$ pts mem read:images
Members of read:images (id: -211) are:
$ pts mem write:images
Members of write:images (id: -213) are:
however this doesn't allow the expected result - nobody can read the
volume, & joeuser can't write.
I have created 3 dummy PTS accounts (read, write, admin) to own the
various groups, this is just for neatness' sake.
OpenAFS is on OpenBSD 3.7 & windows, running 1.4 rc6, using
./configure --enable-transarc-paths --enable-fast-restart
--enable-bitmap-later --quiet --enable-debug --enable-bos-new-config
--enable-supergroups --enable-namei-fileserver --disable-kernel-module
-> windows client is 1.4 rc6
-> openbsd clients are all arla from 3.7 release
does anybody use supergroups?
am I using them correctly?
is there any other information I could collect that would help?
are there any other docs other than the wiki for reference? google
doesn't return much.
out of the frying pan and into the fire