Adnoh wrote:
Hello @all I'm new to afs and have a litte problem which I'm not able to solve: I'm using openafs 1.4.1-r1 on a Gentoo-Linux box. I've created a folder /afs/.mydomain/test and a pts user 192.168.0.1 + 192.168.10.1 and a pts group afshosts with these users as members. then I "fs setacl /afs/.mydomain/test afshosts all" when I try to get to that dir from one of these hosts (unauthenticated) i come to /afs/.mydomain/ but when I wanne to get infos on "test" i get permission denied. can someone explain me why? maybe I've missunderstood something...? Just wanne to allow every daemon running on that 2 hosts full access to that "test" - folder. Thanks for responses
It can take a couple of hours for file servers to become aware of IP group members. The process is fundamentally different for authenticated users vs. unauthenticated hosts, but think about it this way: if the file servers were to check every access for changes in IP group memberships in every directory, they would basically melt down your network and performance would fall through the floor. Instead, they slowly over time pick up those changes in what is generally an slow moving target set of data, and after a couple of hours they have a pretty complete picture of what IP entities are in which groups.
Or think about it another way. When you become a member of a new group, you (may) have to re-authenticate for the change to take effect for ACLs in a given directory. Your group memberships are refreshed when you authenticate. Hosts don't authenticate, so there's no event to trigger refreshing their group memberships. So the file servers pick that up over time.
Or maybe I'm blowing smoke, but that's what I was told once. -- +--------------------------------------------------------------+ / [EMAIL PROTECTED] 919-445-9302 http://www.unc.edu/~utoddl / / Atheism is a non-prophet organization. / +--------------------------------------------------------------+ -- +--------------------------------------------------------------+ / [EMAIL PROTECTED] 919-445-9302 http://www.unc.edu/~utoddl / / He who laughs last thinks slowest. / +--------------------------------------------------------------+ _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
