On Sep 13, 2005, at 3:21 PM, Jeffrey Hutzelman wrote:
> (1) Don't reuse PTS ID's. But you figured that out.
I really hope to win that battle.
> (2) Whenever possible, ACL's should contain groups, not users. When a PTS user is deleted, its group memberships automatically go away.
All centrally managed ACLs are done that way, except for the user's home volume. For areas where users can set ACLs, who knows what's been done.
I had suspected that PTS group memberships went away. My testing confirmed it, and now you've re-confirmed it. Thanks!
> (3) 'fs cleanacl' will "clean" the ACL of a directory, removing entries for ID's which do not currently exist in PTS. So, you could do something like this (assuming GNU find and xargs):
>
>     find /afs/gmu.edu -noleaf -type d -print0 | xargs -0 fs cleanacl -path
I was thinking something along those lines. I guess it really doesn't matter how many accounts I'm deleting. I'll just save that till they're all deleted and take one run through the filesystem.
Out of curiosity, are there any AFS aware find commands that will restrict themselves to traversing a single specified cell? It's possible someone could mount a volume from another cell somewhere in our filesystem. It would suck to spend a bunch of time trying to fs cleanacl someone else's cell, especially when it would fail. This is mostly a hypothetical question, but it has been one of those weeks...
Thanks for the advice!

Brian
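One way to keep the cleanup walk inside a single cell, as an added example that is not part of the original message or of OpenAFS: a shell walker that asks `fs whichcell` about each directory and does not descend into anything living in another cell. The function names are hypothetical, and the `File <path> lives in cell '<name>'` output format that the parser expects is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Emits NUL-terminated directory names,
# like `find -type d -print0`, but prunes mount points of foreign cells.

# cell_of DIR: print the name of the cell holding DIR (empty on failure).
# Assumes `fs whichcell` prints: File <path> lives in cell '<name>'
cell_of() {
    fs whichcell -path "$1" 2>/dev/null |
        sed -n "s/.* lives in cell '\(.*\)'\$/\1/p"
}

# walk_cell CELL DIR: print DIR and every directory below it that lives in CELL.
walk_cell() {
    local cell="$1" dir="$2" entry
    if [ "$(cell_of "$dir")" != "$cell" ]; then
        # Foreign cell (or lookup failed): report it and do not descend.
        printf 'skipping %s (not in cell %s)\n' "$dir" "$cell" >&2
        return 0
    fi
    printf '%s\0' "$dir"
    # The three globs cover normal entries and dot-entries, never . or ..
    for entry in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # Only real directories; symlinks are not followed (as with find).
        [ -d "$entry" ] && [ ! -L "$entry" ] || continue
        walk_cell "$cell" "$entry"
    done
    return 0
}

# Usage, replacing the find half of the pipeline quoted above:
#   walk_cell gmu.edu /afs/gmu.edu | xargs -0 fs cleanacl -path
```

This runs one `fs whichcell` per directory, so it is slower than plain find; the skipped paths on stderr double as an inventory of foreign-cell mount points.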
