On Thu, 15 Sep 2011 11:10:40 -0400 Danko Antolovic <[email protected]> wrote:
> However, this does not let me touch the files in the cell. Trying to > add the foreign-realm group to the directory ACL, like this: > > [root@afs1c afs]# fs setacl -dir /afs/afs1.bedrock.iu.edu -acl > system:[email protected] rlidwka > > does not seem to work, and just adds the group system:authuser to the > ACL once more: To be clear: this is supposed to work (and does for me, here). Have you been changing around the names or IDs of these groups? system:[email protected] doesn't appear to exist anymore. This would suggest something along the way is screwing up the id<->name mapping, but that may not necessarily prevent the actual access from working. Are you actually lacking those rights? (that is, when trying to do one of those operations) You can look at a network dump to verify what names are going across the wire, to see if the setacl and listacl requests are what you think they are. You don't need to be familiar with the protocol or anything; it should be pretty easy to see where the acl data is (it is transmitted in the clear, when 'fs crypt' is turned off). -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
