[OpenAFS] pts listentries and system:ptsviewers

Sidney Cammeresi sac@cheesecake.org
Wed, 24 May 2006 10:59:30 -0500


My user is a member of system:ptsviewers but not system:administrators.
I read from the 1.2.5 release notes (I am not running that version, of
course) that

        A new system group is created for new cells (system:ptsviewers
        with id -203).  If this group exists, members of this group can
        examine and read the entire protection database.  They can examine
        all users and groups and can get the membership of any group.

So I added myself to system:ptsviewers and can view everything,
but pts listentries fails, saying permission denied.  And indeed,
the documentation for pts listentries says it requires membership in
system:administrators.

Shouldn't it also be okay with membership in system:ptsviewers or is there
a reason why "can read the entire prdb" shouldn't extend to enumerating its
contents?

-- 
Sidney CAMMERESI
http://www.cheesecake.org/sac/