[OpenAFS] PAGs and group ids
Russ Allbery
rra@stanford.edu
Mon, 11 Jun 2007 10:04:30 -0700
Christopher Allen Wing <wingc@umich.edu> writes:
> In recent openafs, on linux 2.6, the PAG may be stored in an opaque kernel
> data structure called the 'keyring'; here, you cannot rely upon the group
> IDs being present. If you have the 'keyctl' program installed, the output
> will look like this when your (shell) process is a member of a PAG:
> % keyctl show
> Session Keyring
> -3 --alswrv 0 0 keyring: _ses.XXXXX
> XXXXXXXXX ----s--v 0 0 \_ afs_pag: _pag
> (the output will contain 'afs_pag' to show that the process is a member of
> a PAG; if 'afs_pag' is not present then the process is not in a PAG)
> Some linux systems may not use the keyring; in that case, recent openafs
> uses only a single group ID instead of two group IDs to represent the
> PAG. Here, the single group ID is equal to the 32-bit PAG identifier.
> (i.e., the first 8 bits are equal to ASCII 'A' as mentioned previously)
Note that, if possible, the group is also created even if the keyring is
used.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>