[OpenAFS] Group creation by foreign users
Danko Antolovic
dantolov@indiana.edu
Tue, 11 Oct 2011 15:08:11 -0400
How does the group creation/deletion works for foreign users? In the
example below, I hold the token for the cell afs1.bedrock.iu.edu, as a
foreign user sharetsb@ads.iu.edu, ID 196399; that user has the group
quota of zero. All the same, I can create prefixed and prefixless
groups, all of which have the owner and creator -204, regardless of
anything. I can also delete these groups at will.
This does not appear quite right. Can anyone advise?
Danko Antolovic
Commands on the client machine:
Tokens held by the Cache Manager:
User's (AFS ID 196399) tokens for afs@afs1.bedrock.iu.edu [Expires Oct
11 23:48]
--End of list--
[dantolov@dantolov ~]$ pts examine sharetsb@ads.iu.edu -cell
afs1.bedrock.iu.edu
Name: sharetsb@ads.iu.edu, id: 196399, owner: system:administrators,
creator: system:administrators,
membership: 1, flags: S----, group quota: 0.
[dantolov@dantolov ~]$ pts creategroup boo -cell afs1.bedrock.iu.edu
group boo has id -215
[dantolov@dantolov ~]$ pts creategroup foo -cell
afs1.bedrock.iu.edu -owner sharetsb@ads.iu.edu
group foo has id -216
[dantolov@dantolov ~]$ pts creategroup system:goo -cell
afs1.bedrock.iu.edu
group system:goo has id -217
On the server machine:
[root@afs1c afs]# pts listent -groups -noauth
Name ID Owner Creator
system:administrators -204 -204 -204
system:backup -205 -204 -204
system:anyuser -101 -204 -204
system:authuser -102 -204 -204
system:ptsviewers -203 -204 -204
system:authuser@ads.iu.edu -209 -204 32766
foo -216 -204 -204
system:goo -217 -204 -204
boo -215 -204 -204