On Mon, May 7, 2012 at 11:49 AM, Stefan Michael Guenther <[email protected]> wrote: > Hi, > >> > User's (AFS ID 1010) tokens for [email protected] [Expires May 8 15:40] >> > --End of list-- >> >> 'pts examine 1010' to double-check. >> > Name: stefan, id: 1010, owner: system:administrators, creator:admin, > membership: 0, flags: S----. group quota: 20. > > Is it correct, that the user stefan doesn't have to exist on the client as a > Unix account, because user management is done by AFS?
yes. >> Run 'tokens' again after this. Is there anything in syslog/dmesg >> mentioning AFS? Your tokens can be discarded due to a few different >> errors, but they encountering them results in kernel log messages. >> > no entries in dmesg or any log file. hm. what does fs lq /afs/in-put.de/data tell you? not that a readonly filesystem should give "permission denied" but it would be helpful to know. >> the other thing to try is aklog -force; if you added the user to the >> pts group after they got tokens, they need new tokens. >> > using -force didn't solve it. since 1010 is in fact stefan you're directly on the ACL and refreshing the tokens won't help; but it was worth a shot before we knew that for sure. > BTW: Should this permission problem be recorded by the server? The logfiles > in /usr/afs/logs were changed more than 3 hours ago, while I was just getting > another "permission denied". permission denied isn't an error to the server, so no. auditlogs, if you enable those, will log the user making the request as far as the server is concerned, which is more useful in this regard. Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
