[OpenAFS] permission denied with all rights

Derrick Brashear shadow@gmail.com
Wed, 13 Apr 2011 15:09:55 -0400 

"after 2 hours" is the CPS refresh interval. aklog -force would have
done it instantly, tho it doesn't explain what the problem was.


On Wed, Apr 13, 2011 at 12:19 PM, Michal Svamberg <svamberg@gmail.com> wrot=
e:
> I update krb5.conf on fileserver elektra2, after 2 hours was all in order=
.
> But same old krb5.conf file is on elektra1 without problems. I was this
> problem with group "system:av", when I used system:administrators, then
> priviledges were applied correctly.
>
> Now is this problem solved, thanks for ideas.
> Michal.
>
> On Wed, Apr 13, 2011 at 17:04, Derrick Brashear <shadow@gmail.com> wrote:
>> On Wed, Apr 13, 2011 at 9:33 AM, Michal Svamberg <svamberg@gmail.com> wr=
ote:
>>> Hello,
>>> I have two same fileservers for user volumes - elektra1.zcu.cz and
>>> elektra2.zcu.cz
>>> The problem is only on all (I tested on 4 volumes) volumes at elektra2 =
server.
>>> The group 'system:av' have rlidwka rights, but the rights is not applie=
d.
>>>
>>> $ fs la .
>>> Access list for . is
>>> Normal rights:
>>> =A0system:av rlidwka
>>> =A0meta-hosts l
>>> =A0zcu.cz rl
>>> =A0jvarga rl
>>>
>>> $ pts mem svamberg.root
>>> Groups svamberg.root (id: 129) is a member of:
>>> =A0adm:backup
>>> =A0system:av
>>> =A0lps.root
>>> =A0system:faidev
>>> =A0system:faiadministrators
>>> =A0system:administrators
>>> =A0system:tftpboot
>>> =A0system:root
>>>
>>> $ tokens
>>> Tokens held by the Cache Manager:
>>>
>>> User's (AFS ID 129) tokens for afs@zcu.cz [Expires Apr 13 18:35]
>>> =A0 --End of list--
>>>
>>> $ touch x
>>> touch: cannot touch `x': Permission denied
>>>
>>> $ fs exa .
>>> File . (876024890.1.1) contained in volume 876024890
>>> Volume status for vid =3D 876024890 named user.jvarga
>>> Current disk quota is 1000000
>>> Current blocks used are 583253
>>> The partition has 157451567 blocks available out of 292871036
>>>
>>> I don't know where is problem. I haven't this problem on volumes at
>>> elektra1.zcu.cz.
>>> Any ideas?
>>
>> is the time wrong on elektra2, or anything of note in the FileLog? my
>> guess here would be that the fileserver
>> can't verify your identity, meaning you'd presumably see a
>> pr_Initialize failure in the FileLog.
>>
>> if you enable auditlogs (the -auditlog parameter to the fileserver) it
>> will tell you what identity it believes you have
>> in the audit event for your request (in this case, presumably a createfi=
le)
>>
>>
>> --
>> Derrick
>>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>



--=20
Derrick