Paul Viscuso <[EMAIL PROTECTED]> writes:
> Has anyone been able to successfully get a machine set up on an ACL
> list? I followed the recipe, but am unable to gain access to the
> directory for which the machine has read ACL's. What I did was
>
> pts createuser <IP address>
> pts cg <group name>
> pts adduser <IP address> <group name>
> cd <directory>
> fs sa . <group name> read
>
> When I put myself into the group, the ACL's work. But when I am not in
> the group, but am on the appropriate machine, the ACL's do not permit me
> to gain access.
>
> Paul Viscuso
> Cornell Theory Center
After putting the machine's IP address on the ACL, you need to wait up
to two hours or restart the fileserver in order for it to take effect.
The membership of your host is evaluated when the first connection is
made and is only occasionally refreshed. Re-evaluating the membership
before each file access would be very expensive, so this caching
approach is used.
Due to a bug in AFS 3.2 code, wildcard IP address entries don't work
properly. If you create and add the user 192.55.207.0 to a group, the
machines in the 207 subnet probably will *not* have access. You have
to also create a user for the specific IP addresses, such as
192.55.207.15, 192.55.207.16, etc. before the wildcard will take
effect. You don't have to add the specific user to the group, you
only need to create it. A fix for this problem will be made available
in the next interim release of AFS. All site contacts will be
notified when it is ready.
Joe Jackson,
AFS Product Support,
Transarc Corp.
