[OpenAFS] account deletions
Brian Davidson
bdavids1@gmu.edu
Tue, 13 Sep 2005 16:06:21 -0400
On Sep 13, 2005, at 3:21 PM, Jeffrey Hutzelman wrote:
>
> (1) Don't reuse PTS ID's. But you figured that out.

I really hope to win that battle.

> (2) Whenever possible, ACL's should contain groups, not users. When a
> PTS user is deleted, its group memberships automatically go away.

All centrally managed ACLs are done that way, except for the user's
home volume. For areas where users can set ACLs, who knows what's been
done.

I had suspected that PTS group memberships went away. My testing
confirmed it, and now you've re-confirmed it. Thanks!

> (3) 'fs cleanacl' will "clean" the ACL of a directory, removing entries
> for ID's which do not currently exist in PTS. So, you could do
> something like this (assuming GNU find and xargs):
>
> find /afs/gmu.edu -noleaf -type d -print0 | xargs -0 fs cleanacl -path

I was thinking something along those lines. I guess it really doesn't
matter how many accounts I'm deleting. I'll just save that till
they're all deleted and take one run through the filesystem.

Out of curiosity, are there any AFS-aware find commands that will
restrict themselves to traversing a single specified cell? It's
possible someone could mount a volume from another cell somewhere in
our filesystem. It would suck to spend a bunch of time trying to fs
cleanacl someone else's cell, especially when it would fail. This is
mostly a hypothetical question, but it has been one of those weeks...

Thanks for the advice!

Brian
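
One way to keep the cleanup walk inside a single cell, as an added example that is not part of the original message: a POSIX sh walk that asks `fs whichcell` about each directory and prunes any subtree reported in a different cell before running `fs cleanacl`. The function names and the assumed `fs whichcell` output format (`File <path> lives in cell '<cell>'`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: run 'fs cleanacl' only on directories that 'fs whichcell'
# reports as living in the wanted cell; foreign-cell mounts are pruned.

# cell_of DIR: print the cell holding DIR (empty if it cannot be determined).
# Assumed output format: File <path> lives in cell '<cell>'
cell_of() {
    fs whichcell -path "$1" 2>/dev/null |
        sed -n "s/.* lives in cell '\(.*\)'\$/\1/p"
}

# clean_cell_acls DIR CELL: recursive walk that prints each cleaned directory.
# The body is a subshell "( )" so variables stay local to each recursion
# level in plain POSIX sh.
clean_cell_acls() (
    dir=$1 cell=$2
    if [ "$(cell_of "$dir")" != "$cell" ]; then
        echo "skip (other cell or unreachable): $dir" >&2
        exit 0      # leaves only this subshell: prune, do not descend
    fi
    # cleanacl's own messages go to stderr so stdout is just the directory list
    fs cleanacl -path "$dir" >&2 || echo "cleanacl failed: $dir" >&2
    echo "$dir"
    for sub in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # -d follows symlinks, so reject links explicitly to avoid loops
        if [ -d "$sub" ] && [ ! -L "$sub" ]; then
            clean_cell_acls "$sub" "$cell"
        fi
    done
)

# Stand-alone use: script.sh /afs/gmu.edu gmu.edu
if [ "$#" -eq 2 ]; then
    clean_cell_acls "$1" "$2"
fi
```

Because the cell check happens before descending, a volume from another cell mounted anywhere in the tree costs one `fs whichcell` call and is never traversed.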