[OpenAFS] File ownership oddness
Tom Cocagne
tom.cocagne@gmail.com
Sat, 30 Aug 2008 12:11:54 -0700
------=_Part_22132_23128117.1220123514352
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hmmm. That sounds reasonable. Any idea what settings I might want to
look at? So far I've left all the nss-ldap stuff on the default settings
Gentoo provides (minus adding ldap to the nsswitch.conf, of course).
Thanks for the quick reply :)
Tom
On Sat, Aug 30, 2008 at 11:40 AM, Brandon S. Allbery KF8NH <
allbery@ece.cmu.edu> wrote:
> On 2008 Aug 30, at 14:13, Tom Cocagne wrote:
>
> I recently noticed a problem where all files in OpenAFS appear to be
> owned by most recently added user. An "ls -l" in user A's home directory
> will show all files being owned by user B, immediately after creating user
> B's account and home directory. The AFS security isn't broken, all
> permissions appear to be enforced correctly, but normal unix utilities that
> check file ownership are complaining. The user IDs in the pts database are
> correct and each user has a unique user id. Also, if user A does a touch
> "~/test_file", a subsequent "ls -l" shows the file is (correctly) owned by A
> even though the rest appear as if they were owned by B. The problem persists
> through reboots of both the servers and clients and is present even on new
> client machines added to AFS after all the accounts are created.
>
> Has anyone seen this problem before? I'm not really sure where to begin
> in tracking this down.
>
> Brief system description:
>
> Gentoo Linux
> Kernel 2.6.24
> OpenAFS 1.4.7
> MIT Kerberos 5 authentication
> User accounts stored in OpenLDAP
>
>
> I assume you're using LDAP for the nss switch? This sounds like the LDAP
> nss handler is caching when it shouldn't.
>
> --
> brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
> system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
> electrical and computer engineering, carnegie mellon university KF8NH
>
>
>
------=_Part_22132_23128117.1220123514352
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
<div dir="ltr"> Hmmm. That sounds reasonable. Any idea what settings I might want to look at? So far I've left all the nss-ldap stuff on the default settings Gentoo provides (minus adding ldap to the nsswitch.conf, of course).<br>
<br> Thanks for the quick reply :)<br><br> Tom<br><br><br><div class="gmail_quote">On Sat, Aug 30, 2008 at 11:40 AM, Brandon S. Allbery KF8NH <span dir="ltr"><<a href="mailto:allbery@ece.cmu.edu">allbery@ece.cmu.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style=""><div><div></div><div class="Wj3C7c"><div><div>On 2008 Aug 30, at 14:13, Tom Cocagne wrote:</div>
<blockquote type="cite"><div dir="ltr"> I recently noticed a problem where all files in OpenAFS appear to be owned by most recently added user. An "ls -l" in user A's home directory will show all files being owned by user B, immediately after creating user B's account and home directory. The AFS security isn't broken, all permissions appear to be enforced correctly, but normal unix utilities that check file ownership are complaining. The user IDs in the pts database are correct and each user has a unique user id. Also, if user A does a touch "~/test_file", a subsequent "ls -l" shows the file is (correctly) owned by A even though the rest appear as if they were owned by B. The problem persists through reboots of both the servers and clients and is present even on new client machines added to AFS after all the accounts are created. <br>
<br> Has anyone seen this problem before? I'm not really sure where to begin in tracking this down.<br><br> Brief system description:<br><br> Gentoo Linux<br> Kernel 2.6.24<br> OpenAFS 1.4.7<br> MIT Kerberos 5 authentication<br>
User accounts stored in OpenLDAP</div></blockquote><br></div></div></div><div>I assume you're using LDAP for the nss switch? This sounds like the LDAP nss handler is caching when it shouldn't.</div><div><br>
</div><div> <span style="border-collapse: separate; border-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><div style="">
<span style="border-collapse: separate; border-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="border-collapse: separate; border-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><div>
<font face="Monaco"><span style="font-family: Monaco;"><span style="font-family: Monaco;">-- </span></span></font></div><div><font face="Monaco"><span style="font-family: Monaco;"><span style="font-family: Monaco;">brandon s. allbery [solaris,freebsd,perl,pugs,haskell] <a href="mailto:allbery@kf8nh.com" target="_blank">allbery@kf8nh.com</a></span></span></font></div>
<div><font face="Monaco"><span style="font-family: Monaco;"><span style="font-family: Monaco;">system administrator [openafs,heimdal,too many hats] <a href="mailto:allbery@ece.cmu.edu" target="_blank">allbery@ece.cmu.edu</a></span></span></font></div>
<div><font face="Monaco"><span style="font-family: Monaco;"><span style="font-family: Monaco;">electrical and computer engineering, carnegie mellon university KF8NH</span></span></font></div><span style="border-collapse: separate; border-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><br>
</span></span></span></div></span> </div><br></div></blockquote></div><br></div>
------=_Part_22132_23128117.1220123514352--