[OpenAFS] permission denied with all rights
Wed, 13 Apr 2011 18:19:24 +0200
I update krb5.conf on fileserver elektra2, after 2 hours was all in order.
But same old krb5.conf file is on elektra1 without problems. I was this
problem with group "system:av", when I used system:administrators, then
priviledges were applied correctly.
Now is this problem solved, thanks for ideas.
On Wed, Apr 13, 2011 at 17:04, Derrick Brashear <email@example.com> wrote:
> On Wed, Apr 13, 2011 at 9:33 AM, Michal Svamberg <firstname.lastname@example.org> wro=
>> I have two same fileservers for user volumes - elektra1.zcu.cz and
>> The problem is only on all (I tested on 4 volumes) volumes at elektra2 s=
>> The group 'system:av' have rlidwka rights, but the rights is not applied=
>> $ fs la .
>> Access list for . is
>> Normal rights:
>> =A0system:av rlidwka
>> =A0meta-hosts l
>> =A0zcu.cz rl
>> =A0jvarga rl
>> $ pts mem svamberg.root
>> Groups svamberg.root (id: 129) is a member of:
>> $ tokens
>> Tokens held by the Cache Manager:
>> User's (AFS ID 129) tokens for email@example.com [Expires Apr 13 18:35]
>> =A0 --End of list--
>> $ touch x
>> touch: cannot touch `x': Permission denied
>> $ fs exa .
>> File . (876024890.1.1) contained in volume 876024890
>> Volume status for vid =3D 876024890 named user.jvarga
>> Current disk quota is 1000000
>> Current blocks used are 583253
>> The partition has 157451567 blocks available out of 292871036
>> I don't know where is problem. I haven't this problem on volumes at
>> Any ideas?
> is the time wrong on elektra2, or anything of note in the FileLog? my
> guess here would be that the fileserver
> can't verify your identity, meaning you'd presumably see a
> pr_Initialize failure in the FileLog.
> if you enable auditlogs (the -auditlog parameter to the fileserver) it
> will tell you what identity it believes you have
> in the audit event for your request (in this case, presumably a createfil=