[OpenAFS] Stuck in Quick start guide at "fs: You don't have the
required access rights on '/afs'"
Benjamin Kaduk
kaduk@MIT.EDU
Sat, 14 May 2016 14:55:25 -0400 (EDT)
On Fri, 13 May 2016, Karl-Philipp Richter wrote:
> Am 14.03.2016 um 14:24 schrieb Chas Williams:
> > Then you should have permission to read root.cell. Did you add admin
> > to the system:administrators group? Do the pts commands work?
> >
> > While poking around I found this gentoo document which seems to
> > cover what you want:
> >
> > https://wiki.gentoo.org/wiki/OpenAFS
> >
> > Search for :mount
> Good hint, thanks. I tried all sorts of variations of `fs setacl
> /afs/.:mount/richtercloud.de:root.afs/. system:anyuser rl` with
> `dynroot` notation and `root.cell` as well which all fail with the
> mentioned error.
>
> `admin` is a member of `system:administrators` according to `sudo pts
> membership admin -localauth`. `pts createuser` didn't cause any trouble.
>
> >> What could I use as alternative to `aklog` to try it out?
> > Usually you create the /usr/local/NoAuth file instead of using the above.
> On Ubuntu 16.04 I ran `sudo bos setauth richtercloud.de -authrequired
> off -noauth` to create `/etc/openafs/server/NoAuth` assuming that's the
> recommended way to create that file (as all files in OpenAFS).
I seem to have lost track of the history of this thread (and re-reading
the archives doesn't help a whole lot), but even when -dynroot is in use,
it is not necessary to enter -noauth mode to complete the cell setup.
pts adduser -user admin -group system:administrators -localauth
should work to get the 'admin' user administrative rights, though an
'aklog -force' may be needed to get the fileserver to re-check group
membership.
This sort of permission error can also occur when the fileserver can't
communicate to a ptserver, so it's also worth checking for error messages
in the various log files.
-Ben