[OpenAFS] permission denied with all rights
Wed, 13 Apr 2011 15:09:55 -0400
"after 2 hours" is the CPS refresh interval. aklog -force would have
done it instantly, tho it doesn't explain what the problem was.
On Wed, Apr 13, 2011 at 12:19 PM, Michal Svamberg <firstname.lastname@example.org> wrot=
> I update krb5.conf on fileserver elektra2, after 2 hours was all in order=
> But same old krb5.conf file is on elektra1 without problems. I was this
> problem with group "system:av", when I used system:administrators, then
> priviledges were applied correctly.
> Now is this problem solved, thanks for ideas.
> On Wed, Apr 13, 2011 at 17:04, Derrick Brashear <email@example.com> wrote:
>> On Wed, Apr 13, 2011 at 9:33 AM, Michal Svamberg <firstname.lastname@example.org> wr=
>>> I have two same fileservers for user volumes - elektra1.zcu.cz and
>>> The problem is only on all (I tested on 4 volumes) volumes at elektra2 =
>>> The group 'system:av' have rlidwka rights, but the rights is not applie=
>>> $ fs la .
>>> Access list for . is
>>> Normal rights:
>>> =A0system:av rlidwka
>>> =A0meta-hosts l
>>> =A0zcu.cz rl
>>> =A0jvarga rl
>>> $ pts mem svamberg.root
>>> Groups svamberg.root (id: 129) is a member of:
>>> $ tokens
>>> Tokens held by the Cache Manager:
>>> User's (AFS ID 129) tokens for email@example.com [Expires Apr 13 18:35]
>>> =A0 --End of list--
>>> $ touch x
>>> touch: cannot touch `x': Permission denied
>>> $ fs exa .
>>> File . (876024890.1.1) contained in volume 876024890
>>> Volume status for vid =3D 876024890 named user.jvarga
>>> Current disk quota is 1000000
>>> Current blocks used are 583253
>>> The partition has 157451567 blocks available out of 292871036
>>> I don't know where is problem. I haven't this problem on volumes at
>>> Any ideas?
>> is the time wrong on elektra2, or anything of note in the FileLog? my
>> guess here would be that the fileserver
>> can't verify your identity, meaning you'd presumably see a
>> pr_Initialize failure in the FileLog.
>> if you enable auditlogs (the -auditlog parameter to the fileserver) it
>> will tell you what identity it believes you have
>> in the audit event for your request (in this case, presumably a createfi=
> OpenAFS-info mailing list