[OpenAFS] IP based ACL and User Based ACL
Thossaporn (Pommm) Phetruphant
Tue, 4 Jun 2019 19:05:17 +0700
I'm looking to implement IP based ACL and User Based ACL in my openAFS
setup. The scenario I'd like to have is:
Joe has the right to access volume work1.
Joe sits at a workstation with IP address 192.168.0.25.
Joe also has a 2nd workstation with IP address 192.168.0.125.
Management wants Joe to be able to access volume work1 only from
workstation IP address 192.168.0.25.
I currently know and have these set up on my openAFS:
Joe is a member of work1
$ pts membership work1
Members of work1 (id: xxx) are:
$ pts membership work1-ip-whitelist
Members of work1-ip-whitelist (id: yyy) are:
Danny, who isn't assigned to work1, can use his account on workstation
192.168.0.25 to access the work1 volume. <- I don't want this.
Is it possible to have an ACL that only allows user Joe from workstation IP
address 192.168.0.25 to access but does not allow Danny?
Basically, User based ACL "and" IP based ACL. Both need to be TRUE to