[OpenAFS] groups in groups, ptsviewers etc...
Anders Magnusson
ragge@ltu.se
Tue, 18 Mar 2008 12:08:42 +0100
Great, exactly what I was wondering about! Many thanks for your quick
answer!
-- Ragge
Marcus Watts wrote:
> Anders Magnusson <ragge@ltu.se> writes:
>
>> Date: Tue, 18 Mar 2008 10:26:26 BST
>> To: openafs-info@openafs.org
>> From: Anders Magnusson <ragge@ltu.se>
>> Subject: [OpenAFS] groups in groups, ptsviewers etc...
>>
>> Hi,
>>
>> a few questions for which I don't seem able to find docs :-)
>>
>> It seems like it is possible to recompile 1.4.6 with an option to get
>> the possibility to put groups in groups.
>> - Is this feature considered stable for production use?
>>
>
> umich.edu has run with older versions of this feature for ages.
> Obviously we consider it "ready for production".
>
>
>> - Will it allow for multiple levels of groups in groups?
>>
>
> Yes. There's a fairly modest depth limit (defaults to 5).
>
>
>> - Is this a server-only feature or is the client affected as well (i.e.
>> must the clients be recompiled?)
>>
>
> Mostly this affects ptserver. Fileservers and clients do not need to
> be recompiled. "ListSuperGroups" is an rpc operation which only works
> on supergroup aware clients, which would affect "ptclient" lsg command
> and any custom code you wrote that called ubik_PR_ListSuperGroups.
> For most ordinary purposes you won't need this and can use standard
> clients.
>
> Older versions of openafs only enabled some other useful but
> unrelated features of pts if you compiled in supergroups support.
> This should not be an issue with 1.4.6.
>
>
>> Also, for people to be able to see what's in the protection database,
>> they must obviously be members
>> of the (undocumented?) ptsviewers group. Is it safe just to add all
>> people to this group or are there other
>> implications of doing so?
>>
>
> Depends on if you ever want private groups or not.
>
> If you want everybody in your cell to be able to see group
> membership by default, you're probably better off running ptserver this way:
> /usr/afs/bin/ptserver -p 16 -default SOM-- SOM--
> probably you will need to remake your ptserver instances in bos to do this.
>
>
>> -- Ragge
>>
>
> -Marcus Watts
>