[OpenAFS] groups in groups, ptsviewers etc...

Anders Magnusson ragge@ltu.se
Tue, 18 Mar 2008 12:08:42 +0100 

Great, exactly what I was wondering about!  Many thanks for your quick 
answer!

-- Ragge


Marcus Watts wrote:
> Anders Magnusson <ragge@ltu.se> writes:
>   
>> Date:    Tue, 18 Mar 2008 10:26:26 BST
>> To:      openafs-info@openafs.org
>> From:    Anders Magnusson <ragge@ltu.se>
>> Subject: [OpenAFS] groups in groups, ptsviewers etc...
>>
>> Hi,
>>
>> a few questions for which I don't seem able to find docs :-)
>>
>> It seems like it is possible to recompile 1.4.6 with an option to get 
>> the possibility to put groups in groups.
>> - Is this feature considered stable for production use?
>>     
>
> umich.edu has run with older versions of this feature for ages.
> Obviously we consider it "ready for production".
>
>   
>> - Will it allow for multiple levels of groups in groups?
>>     
>
> Yes.  There's a fairly modest depth limit (defaults to 5).
>
>   
>> - Is this a server-only feature or is the client affected as well (i.e. 
>> must the clients be recompiled?)
>>     
>
> Mostly this affects ptserver.  Fileservers and clients do not need to
> be recompiled.  "ListSuperGroups" is an rpc operation which only works
> on supergroup aware clients, which would affect "ptclient" lsg command
> and any custom code you wrote that called ubik_PR_ListSuperGroups.
> For most ordinary purposes you won't need this and can use standard
> clients.
>
> Older versions of openafs only enabled some other useful but
> unrelated features of pts if you compiled in supergroups support.
> This should not be an issue with 1.4.6.
>
>   
>> Also, for people to be able to see what's in the protection database, 
>> they must obviously be members
>> of the (undocumented?) ptsviewers group. Is it safe just to add all 
>> people to this group or are there other
>> implications of doing so?
>>     
>
> Depends on if you ever want private groups or not.
>
> If you want everybody in your cell to be able to see group
> membership by default, you're probably better off running ptserver this way:
> 	/usr/afs/bin/ptserver -p 16 -default SOM-- SOM--
> probably you will need to remake your ptserver instances in bos to do this.
>
>   
>> -- Ragge
>>     
>
> 				-Marcus Watts
>