"O.W." <[EMAIL PROTECTED]> writes:
> Hi,
[...]
> /coda -- projects -- proj1
>       |           -- proj2
>       |
>       -- users -- u.fwang2
>                -- u.smith
>
> ...
>
> o do I need to create volumes for intermediate directory
> (eg. projects, users) and mount them first?
Not necessarily.
I created /coda/projects and /coda/users within the root volume,
and mounted the volumes per user/ per project underneath that.
> o why mounting point decision is at client's side? I must
> be missing something here: if I create a user group and
> give them permission to write under, say /coda/users
> (otherwise, they can not mount volume, right?), then it
There is probably a misunderstanding
on how coda creates that hierarchy.
First: your users actually need the "A" bit of the ACL,
(which stands for administration) to mount volumes.
Second: yes, mounting is done working on the clients,
but once a volume is mounted, it appears at this position
in the tree on all the clients.
(The actual mechanism is beyond me at the moment)
Third: to create the volumes you need root access
(well, permission to write /vice, usually root)
on the server anyway. So you can just as well *not* give
"A" permission to your users on /coda/users,
and do the cfs mkmount at the same time you did the createvol.
(we have the convention to create coda.homes.someone
and mount to /coda/homes/someone)
> doesn't seem to make sense on security: each user can mount
> other's volume?
We have all the volumes mounted all the time on all the machines,
see above. As the ACLs are not changed, there is no security problem
as far as I can see.
> o when we say "mount from client machine", does it mean
> that whoever using the client machine, request his/her own
> token, and do the mounting? everything when he/she log in?
Don't really understand this one, sorry.
> I guess my confusion comes from the management of
> hierarchical volume and their interplay with ACL, I hope
> someone on the list can enlighten me on this.
It takes a while... You might as well browse some
of the AFS (Coda's "ancestor" so to say) documentation, e.g. around
http://www.ncsa.uiuc.edu/General/Training/AFSIntro/intro/fileprot/acls/rlidwka.html
to get some more general concepts.
So long,
Steffen