On Fri, Feb 25, 2011 at 12:11 AM, Andrew Deason <[email protected]> wrote: > On Thu, 24 Feb 2011 18:01:10 -0700 > Thomas Smith <[email protected]> wrote: > >> Groups: >> * group0 - The primary group for office location "group0". >> * group0:admins - Office administrations for "group0". > > I assume you added group0:admins to group0? You don't say that, but you > mention supergroups... but it doesn't seem to be too relevant to this. A > 'supergroup' is when you add a group as a member of another group; I'm > not sure if that's what you meant. You do that by running something like > 'pts addu group0:admins group0'.
He means that thing Esther Filderman also calls supergroups, that I have never heard anyone else speak of. > You also probably don't want to name the groups that way. The colon in > group names is a special delimeter, indicating that group0:admins is > owned by group0 (iirc, pts will not let you create that group unless you > specify it as owned by group0). pts chown group0:admins group0:admins > So, members of group0 will be able to > add and remove members to/from group0:admins. That doesn't seem like > what you want. > > You could create a group called group0 and a group called group0.admins > (or groups called group0.members and group0.admins), and have the admins > 'own' the non-admin group. You can specify ownership via 'pts createg > -owner' or 'pts chown'. note that you can't make a self-owned group directly: pts cg group0:foo -o group0:foo -c dem pts: User or group doesn't exist ; unable to create group group0:foo with id 0 owned by 'group0:foo' >> I've looked for examples of how to setup supergroups as well as how to >> work with AFS's ACL inheritance and haven't found much. > > We surprisingly don't mention supergroups in any manpages except for > 'pts membership'. We should add something in 'pts adduser' and 'pts > removeuser', probably. But they should be rather intuitive; I don't > think you're getting tripped up on supergroups. see above for this confusion. > "ACL inheritence" doesn't happen much in AFS, if I'm understanding that > term correctly. That is, the permissions you have or not have in parent > directories don't really affect you in lower directories (except > inasmuch as you can actually reach the lower directories). ACL inheritance happens when you create a child directory, one time, and subsequent changes to the parent are not inherited. Otherwise, I agree with Andrew. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
