[OpenAFS] foreign-realm members of system:administrators have weakened
powers?
Adam Megacz
megacz@cs.berkeley.edu
Tue, 24 Jan 2006 20:35:59 -0800
Hrm, I thought that any member of system:administrators could create
pts groups with arbitrary ownership, but it seems that I can't do this
using my "main" principal -- I executed these commands while holding
tokens for megacz@megacz.com in cell research.cs.berkeley.edu:
$ pts membership system:administrators -cell research.cs.berkeley.edu
Members of system:administrators (id: -204) are:
afsadmin
megacz@megacz.com
megacz@eecs.berkeley.edu
$ pts creategroup project.sbp system:administrators -cell research.cs.berkeley.edu
pts: Permission denied ; unable to create group project.sbp with id 0 owned by 'system:administrators'
Are there some powers that are withheld from administrators using a
cross-realm pts id? The command succeeds when authenticated as
afsadmin.
- a
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380