[OpenAFS] Supergroups and ACL inheritance
Thomas Smith
theitsmith@gmail.com
Thu, 24 Feb 2011 18:01:10 -0700
Hi,

I set up a supergroup and assigned some ACLs based on that group and it
didn't provide me with the expected result. Here's an example of what I
set up:

Groups:
* group0 - The primary group for office location "group0".
* group0:admins - Office administrations for "group0".

Directory Structure:
* /afs/domain/Offices/Group0/ with group permissions:
* * group0 rlidwk
* /afs/domain/Offices/Group0/Admins/ with group permissions:
* * group0:admins rlidwk
* * -neg group0 rlidwk

(Also note that Offices/Group0/ is a volume, Admins is just a directory
within the volume.)

Setting it up like this, group0:admins are not able to access the Admins
directory. I also tried just removing group0 (rather than adding the
negative permissions) but that didn't work either--in fact, doing this
allows group0 to gain access to that directory.

I ended up removing both groups and just adding ACLs for each user
individually to get it to work as I needed.

I've looked for examples of how to set up supergroups as well as how to work
with AFS's ACL inheritance and haven't found much.

Can someone offer some pointers here? Am I missing something? References to
documentation would be great too! :-)

~ Tom
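
Added example, not part of the original message and not OpenAFS code: a small Python model of the documented AFS rule that a user's effective rights on a directory are the union of the positive entries matching the user's identities, minus the union of the matching negative entries. The user names (alice, bob) and both membership layouts are constructed assumptions; the message does not say who belongs to which group, and system groups such as system:anyuser are left out.

```python
# Added illustration: models AFS directory ACL evaluation with negative
# entries and nested (supergroup) membership. Not OpenAFS source code.
RIGHTS = "rlidwka"  # canonical order of the seven AFS directory rights


def cps(user, members):
    """Identities the ACL is checked against: the user plus every group
    reached through direct or nested membership (group -> set of members)."""
    ids = {user}
    changed = True
    while changed:
        changed = False
        for group, mem in members.items():
            if group not in ids and ids & mem:
                ids.add(group)
                changed = True
    return ids


def effective_rights(user, acl, members):
    """Union of matching positive rights minus union of matching negative rights."""
    ids = cps(user, members)
    granted = set().union(*(set(r) for n, r in acl["positive"].items() if n in ids))
    denied = set().union(*(set(r) for n, r in acl["negative"].items() if n in ids))
    return "".join(r for r in RIGHTS if r in granted - denied)


# ACL on Offices/Group0/Admins/ exactly as given in the message.
ADMINS_ACL = {
    "positive": {"group0:admins": "rlidwk"},
    "negative": {"group0": "rlidwk"},
}

# Constructed layout 1 (assumption): group0:admins is itself a member of group0.
NESTED = {"group0": {"bob", "group0:admins"}, "group0:admins": {"alice"}}
# Constructed layout 2 (assumption): the two groups share no members.
FLAT = {"group0": {"bob"}, "group0:admins": {"alice"}}

if __name__ == "__main__":
    for label, layout in (("nested", NESTED), ("flat", FLAT)):
        for user in ("alice", "bob"):
            rights = effective_rights(user, ADMINS_ACL, layout) or "(none)"
            print(f"{label:6} {user:5} -> {rights}")
```

In the nested layout the negative entry for group0 also matches every member of group0:admins, so those users end up with no rights; the positive entry only takes effect when admins are not members of group0, directly or through nesting.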