Mark S. Fineman writes:
> Joe Jackson says that:
> > re-evaluating the membership before each
> >file access would be very expensive.
> what about re-evaluating before after each failed access and
> automatically retrying 1 time?
Or... How about something like 'fs flushhostcps' to just delete the
cached copy of the host cps on the fileserver. Then the fileserver
would treat the next request as "new" and recache accurate cps
information. This won't take care of the case where you create a new
group with the host (or a wildcard) on it, ACL a directory to it, and
then try to use it. You would have to either 'fs flushhostcps' for
each host on the ACL which you want to access the directory before the
time limit (2 hours or whatever), or wait. However, it might be easier,
and it would certainly be better than nothing. It would also probably
save a lot of packet exchanges which look like:
fileserver - 'are you sure so-and-so is not in any of those groups?'
ptserver - 'yes'
In the case of a massive change which must be seen immediately by all
machines, the solution is probably to just restart the fileservers.
-Scott
