[OpenAFS] PAGs and group ids

Russ Allbery rra@stanford.edu
Mon, 11 Jun 2007 10:04:30 -0700

Christopher Allen Wing <wingc@umich.edu> writes:

> In recent openafs, on linux 2.6, the PAG may be stored in an opaque kernel
> data structure called the 'keyring'; here, you cannot rely upon the group
> IDs being present.  If you have the 'keyctl' program installed, the output
> will look like this when your (shell) process is a member of a PAG:

> 	% keyctl show
> 	Session Keyring
> 	       -3 --alswrv      0     0  keyring: _ses.XXXXX
> 	XXXXXXXXX ----s--v      0     0   \_ afs_pag: _pag

> (the output will contain 'afs_pag' to show that the process is a member of
> a PAG; if 'afs_pag' is not present then the process is not in a PAG)

> Some linux systems may not use the keyring; in that case, recent openafs
> uses only a single group ID instead of two group IDs to represent the
> PAG. Here, the single group ID is equal to the 32-bit PAG identifier.
> (i.e., the first 8 bits are equal to ASCII 'A' as mentioned previously)

Note that, if possible, the group is also created even if the keyring is

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>