[OpenAFS-port-darwin] MacOS X and Tokens

Ragnar Sundblad ragge@nada.kth.se
Fri, 04 May 2001 20:03:27 +0200


--On Thu, 3 May 2001 16:03:30 -0700 Thomas Vincent <thomasv@apple.com> 
wrote:
> You need to make your pts id the same as your uid. This tricks the
> server into thinking pts id's are uid's. Then you can klog and get
> access to your resources.

Note that this has nothing to do with AFS, it is just MacOS X
apps that think they can take uid's in the file system and look
them up in netinfo (getpwent etc). This is of course wrong
for afs and lots of other file systems.

The problem is that there is no good easy generic solution
for this. There really should be one. A vfs call, or at least a
lib, that understands as many ACL kinds as possible and delivers
them in a format that a program can present to the user, and
write back to the file system. It should not be to hard to make
a generic format that works with all current file systems.

But yes, you are right, things and users will be far less
confused if uids and pts ids are in sync.

> AFS under OS X has a couple of issues:
> The finder does not understand ACL's. It only understands
> World/Group/Everyone .
> The finder does not differentiate between network and local access of
> file systems.

Our Arla developers strongly believe that Finder should use
access() to check what it can and can't do, at least for file
systems that it doesn't know anything about.
As I have understood it access() should not cost more than stat().

> Both of these issues are being worked on.

Great!

/ragge