Hi' I've noticed several differences concerning PAGs between the last openafs-versions and 1.4.2 on linux 2.6 with keyring support and I haven't found much information about the implementation, so I'd appreciate if someone could shed some light on it:
*) How do the setgroups() hooks and keyring support play together? What happens if both the system call table had been found and is writeable and keyring support is enabled? *) I've noticed that even if setgroups() twisting is disabled, an openafs client with keyring support will still use two groups to identify the PAG. How are those two groups are connected to the keyring found in /proc/keys? Are there any debugging tools for the interaction of tokens, groups and keyrings? And is there any information on if and how the keyrings are transported across forks and user-id changes? *) I've noticed that with openafs 1.4.2 with keyring support enabled, doing an "su" will keep the token but returning from the root shell will discard the token (see below). Previous (setgroups() based) implementations didn't show this behavior. What's the reason for this and how can I revert to the old style? -------------------- 8< -------------------- $ tokens Tokens held by the Cache Manager: User's (AFS ID 5020) tokens for [EMAIL PROTECTED] [Expires Oct 22 22:37] --End of list-- $ cat /proc/keys 1ec3214c I--Q-- 2 perm 1f3f0000 5020 -1 keyring _uid.5020: empty 2ca04b78 I--Q-- 1 perm 1f3f0000 5020 -1 keyring _uid_ses.5020: 1/4 $ id -G 3000 33769 46409 6 10 500 501 502 33769 46408 $ su # tokens Tokens held by the Cache Manager: User's (AFS ID 5020) tokens for [EMAIL PROTECTED] [Expires Oct 22 22:37] --End of list-- # id -G 0 33769 46409 1 2 3 4 6 10 # exit $ tokens Tokens held by the Cache Manager: --End of list-- $ cat /proc/keys 1ec3214c I--Q-- 2 perm 1f3f0000 5020 -1 keyring _uid.5020: empty 2ca04b78 I--Q-- 1 perm 1f3f0000 5020 -1 keyring _uid_ses.5020: 1/4 $ id -G 3000 33769 46409 6 10 500 501 502 33769 46408 -------------------- 8< -------------------- Thanks in advance, cheers, --leo -- ----------------------------------------------------------------------- [EMAIL PROTECTED] Fax: +43-1-31336-906050 Zentrum fuer Informatikdienste - Wirtschaftsuniversitaet Wien - Austria _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
