[OpenAFS] File ownership oddness
Brandon S. Allbery KF8NH
allbery@ece.cmu.edu
Sat, 30 Aug 2008 14:40:32 -0400
On 2008 Aug 30, at 14:13, Tom Cocagne wrote:
> I recently noticed a problem where all files in OpenAFS appear
> to be owned by the most recently added user. An "ls -l" in user A's home
> directory will show all files being owned by user B, immediately
> after creating user B's account and home directory. The AFS security
> isn't broken, all permissions appear to be enforced correctly, but
> normal unix utilities that check file ownership are complaining. The
> user IDs in the pts database are correct and each user has a unique
> user id. Also, if user A does a touch "~/test_file", a subsequent
> "ls -l" shows the file is (correctly) owned by A even though the
> rest appear as if they were owned by B. The problem persists through
> reboots of both the servers and clients and is present even on new
> client machines added to AFS after all the accounts are created.
>
> Has anyone seen this problem before? I'm not really sure where to
> begin in tracking this down.
>
> Brief system description:
>
> Gentoo Linux
> Kernel 2.6.24
> OpenAFS 1.4.7
> MIT Kerberos 5 authentication
> User accounts stored in OpenLDAP
I assume you're using LDAP for the nss switch? This sounds like the
LDAP nss handler is caching when it shouldn't.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
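
One way to test the caching hypothesis from the reply above, as an added example that is not part of the original thread: "ls -l" turns each numeric owner into a name through NSS, so a round trip name -> uid -> name exposes a handler that answers uid lookups with the wrong entry. The function names and the sample accounts (usera, userb, userc) are constructed for illustration.

```python
import pwd
from collections import Counter


def check_uid_round_trip(entries, uid_to_name, name_to_uid):
    """Return (name, uid, resolved_name, kind) for every entry whose uid
    does not resolve back to its own name.
    kind: "mismatch"   - resolved name belongs to a different uid (bad lookup)
          "alias"      - resolved name legitimately shares the same uid
          "unresolved" - the uid lookup found nothing"""
    findings = []
    for name, uid in entries:
        try:
            back = uid_to_name(uid)
        except KeyError:
            findings.append((name, uid, None, "unresolved"))
            continue
        if back == name:
            continue
        try:
            shared = name_to_uid(back) == uid  # two names on one uid is legal
        except KeyError:
            shared = False
        findings.append((name, uid, back, "alias" if shared else "mismatch"))
    return findings


def suspect_name(findings):
    """Name returned most often for uids it does not own, or None."""
    wrong = Counter(back for _, _, back, kind in findings if kind == "mismatch")
    return wrong.most_common(1)[0][0] if wrong else None


# Constructed sample: three accounts and a resolver that behaves like the
# symptom in the thread (every uid lookup returns the newest account).
SAMPLE = [("usera", 2001), ("userb", 2002), ("userc", 2003)]
def stale_uid_to_name(uid): return "userb"
def sample_name_to_uid(name): return dict(SAMPLE)[name]


def check_live_system():
    """Same check against this host's NSS configuration (files, LDAP, ...)."""
    entries = [(p.pw_name, p.pw_uid) for p in pwd.getpwall()]
    return check_uid_round_trip(entries,
                                lambda u: pwd.getpwuid(u).pw_name,
                                lambda n: pwd.getpwnam(n).pw_uid)


if __name__ == "__main__":
    for finding in check_live_system():
        print(finding)
```

If the directory does not allow enumeration, pwd.getpwall() returns only local accounts; in that case pass an explicit list of (name, uid) pairs taken from the pts database instead.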