[OpenAFS] permission to run 'fs examine'
Richard Brittain
Richard.Brittain@dartmouth.edu
Thu, 17 Mar 2016 16:43:46 -0400
I discovered an apparent change in the access control on "fs examine"
recently. The docs say you need 'r' access on the root of the volume for
this to work, and that definitely used to work. We use this inside a
wrapper script for more convenient quota checking, and I was used to
getting the permission errors, but not any more.
Now it seems to work all the time regardless of tokens or volume ACL, from
clients on Linux, Mac and Windows. Our servers are a mishmash of
versions. The DBs are 1.6.14.1 and 1.6.5, and the file servers 1.6.9 and
1.6.14.1. If this access control is a function of the DB servers, then
the timing of our upgrade to 1.6.14.1 might be consistent with when this
started.
PRIVILEGE REQUIRED
The issuer must have the "r" (read) permission on the ACL of the root directory of the volume that
houses the file or directory named by the -path argument, and "l" (list) permission on the ACL of each
directory that precedes it in the pathname.
Richard
--
Richard Brittain, Research Computing Group,
IT Services, 37 Dewey Field Road, HB6219
Dartmouth College, Hanover NH 03755
Richard.Brittain@dartmouth.edu 603-646-2085