[OpenAFS] permission denied with all rights

Derrick Brashear shadow@gmail.com
Wed, 13 Apr 2011 11:04:21 -0400


On Wed, Apr 13, 2011 at 9:33 AM, Michal Svamberg <svamberg@gmail.com> wrote=
:
> Hello,
> I have two same fileservers for user volumes - elektra1.zcu.cz and
> elektra2.zcu.cz
> The problem is only on all (I tested on 4 volumes) volumes at elektra2 se=
rver.
> The group 'system:av' have rlidwka rights, but the rights is not applied.
>
> $ fs la .
> Access list for . is
> Normal rights:
> =A0system:av rlidwka
> =A0meta-hosts l
> =A0zcu.cz rl
> =A0jvarga rl
>
> $ pts mem svamberg.root
> Groups svamberg.root (id: 129) is a member of:
> =A0adm:backup
> =A0system:av
> =A0lps.root
> =A0system:faidev
> =A0system:faiadministrators
> =A0system:administrators
> =A0system:tftpboot
> =A0system:root
>
> $ tokens
> Tokens held by the Cache Manager:
>
> User's (AFS ID 129) tokens for afs@zcu.cz [Expires Apr 13 18:35]
> =A0 --End of list--
>
> $ touch x
> touch: cannot touch `x': Permission denied
>
> $ fs exa .
> File . (876024890.1.1) contained in volume 876024890
> Volume status for vid =3D 876024890 named user.jvarga
> Current disk quota is 1000000
> Current blocks used are 583253
> The partition has 157451567 blocks available out of 292871036
>
> I don't know where is problem. I haven't this problem on volumes at
> elektra1.zcu.cz.
> Any ideas?

is the time wrong on elektra2, or anything of note in the FileLog? my
guess here would be that the fileserver
can't verify your identity, meaning you'd presumably see a
pr_Initialize failure in the FileLog.

if you enable auditlogs (the -auditlog parameter to the fileserver) it
will tell you what identity it believes you have
in the audit event for your request (in this case, presumably a createfile)


--=20
Derrick