[OpenAFS] Help: Client side permission denied when access the volume

Lee Eric openlinuxsource@gmail.com
Fri, 10 Jun 2011 23:41:18 +0800


Yes mate, I know the OpenAFS permission is not the same as the UNIX
ACL. But according to my ACL setup the user "huli" could access the
/afs/herdingcat.internal/home/huli dir.

Eric

On Fri, Jun 10, 2011 at 9:35 PM, Fabien COMBERNOUS
<fcombernous@kezia.com> wrote:
> On 10/06/2011 15:11, Lee Eric wrote:
>>
>> Hi all,
>
> Hi
>>
>> I created a user home dir at /afs/herdingcat.internal/home/huli and
>> this dir's UNIX permissions are listed below.
>>
>>
>> [root@server ~]# ls -l /afs/herdingcat.internal/home/
>> total 2
>> drwx------. 2 huli users 2048 Jun  9 04:52 huli
>> [root@server ~]# id huli
>> uid=501(huli) gid=100(users) groups=100(users)
>>
>> And I also created the user "huli" and the group "users" by using pts
>> utility.
>>
>> [root@server ~]# pts membership huli
>> Groups huli (id: 501) is a member of:
>>   users
>> [root@server ~]# pts membership users
>> Members of users (id: -208) are:
>>   huli
>>
>> And what I want to accomplish is the user "huli" can only access his
>> own home dir and can write files in his home dir. Here's the ACLs I
>> set in every dir.
>> [root@server ~]# fs listacl /afs
>> Access list for /afs is
>> Normal rights:
>>   system:administrators rlidwka
>
> UNIX permissions are not used at all in /afs. OpenAFS ACLs are mandatory.
> In your example, only group system:administrators can do something at the
> root of the OpenAFS fs.
>
> And so it is normal, if huli is not in this group, you get
>>
>> [root@server ~]# ls /afs/
>> ls: cannot open directory /afs/: Permission denied
>
> Regards,
> --
> *Fabien COMBERNOUS*
> /unix system engineer/
> www.kezia.com <http://www.kezia.com/>
> *Tel: +33 (0) 467 992 986*
> Kezia Group
>
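
An added example (not from the thread or the OpenAFS project) modelling the point in the reply above: AFS evaluates the directory ACL rather than the UNIX mode bits, and a user needs the `l` (lookup) right on every directory along the path. Only the `/afs` entry is taken from the thread; the other ACL entries, the helper names and the `AFTER` layout are constructed assumptions, and the model assumes the user holds a valid token.

```python
# Added example: walks a path and applies AFS directory ACLs at each level.
def parse_listacl(text):
    """Parse concatenated `fs listacl` output into {dir: {"normal": {}, "negative": {}}}."""
    acls, current, section = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Access list for ") and s.endswith(" is"):
            current = s[len("Access list for "):-len(" is")]
            acls[current] = {"normal": {}, "negative": {}}
        elif s in ("Normal rights:", "Negative rights:"):
            section = s.split()[0].lower()
        elif s and current and section:
            name, rights = s.split()
            acls[current][section][name] = set(rights)
    return acls

def effective_rights(acl, user, groups):
    # Assumption: the user holds a valid token, so system:authuser applies.
    ids = {user, "system:anyuser", "system:authuser", *groups}
    granted = set().union(*(r for n, r in acl["normal"].items() if n in ids))
    denied = set().union(*(r for n, r in acl["negative"].items() if n in ids))
    return granted - denied  # negative rights override normal rights

def first_blocked(acls, path, user, groups):
    """First directory on `path` where the user lacks lookup ('l'), else None."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        d = "/" + "/".join(parts[:i])
        acl = acls.get(d, {"normal": {}, "negative": {}})  # unknown ACL: no rights
        if "l" not in effective_rights(acl, user, groups):
            return d
    return None

ADMIN = "  system:administrators rlidwka\n"
HOME = "/afs/herdingcat.internal/home/huli"

def listing(extra):
    """Build constructed `fs listacl` output for the four directories on the path."""
    dirs = ["/afs", "/afs/herdingcat.internal", "/afs/herdingcat.internal/home", HOME]
    return "".join(f"Access list for {d} is\nNormal rights:\n{ADMIN}{extra.get(d, '')}"
                   for d in dirs)

# BEFORE: /afs as posted in the thread; the deeper levels are constructed.
BEFORE = parse_listacl(listing({HOME: "  huli rlidwk\n"}))
# AFTER: constructed layout that grants lookup only on the parent directories.
AFTER = parse_listacl(listing({"/afs": "  system:anyuser l\n",
                               "/afs/herdingcat.internal": "  system:anyuser l\n",
                               "/afs/herdingcat.internal/home": "  system:authuser l\n",
                               HOME: "  huli rlidwk\n"}))
```

With the `BEFORE` ACLs, `first_blocked(BEFORE, HOME, "huli", ["users"])` stops at `/afs`, matching the `Permission denied` in the thread; with `AFTER` it returns `None` for huli, while any other user is still stopped at huli's home directory.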