Re: [OpenAFS] Writing allowed where it's not expected

2011-09-18 Thread Dirk Heinrichs

On 17.09.2011 17:51, Jeffrey Altman wrote:

> And is the sw.readonly volume accessible?

Yes, I think so.

> vos examine sw.readonly -cell altum.de

sw.readonly   536871303 RO  3 K  On-line
    rohan.altum.de /vicepa
    RWrite  536871302 ROnly  536871303 Backup  0
    MaxQuota   5000 K
    Creation    Sat Sep 17 09:41:04 2011
    Copy        Sat Sep 17 09:41:04 2011
    Backup      Never
    Last Access Sat Sep 17 09:40:59 2011
    Last Update Sat Sep 17 09:40:59 2011
    0 accesses in the past day (i.e., vnode references)

    RWrite: 536871302 ROnly: 536871303
    number of sites -> 2
       server rohan.altum.de partition /vicepa RW Site
       server rohan.altum.de partition /vicepa RO Site

Is it because both are on the same partition? I guess not...

Bye...

Dirk
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info


Re: [OpenAFS] Writing allowed where it's not expected

2011-09-18 Thread Dirk Heinrichs

On 18.09.2011 09:47, Dirk Heinrichs wrote:
> On 17.09.2011 17:51, Jeffrey Altman wrote:
>
>> And is the sw.readonly volume accessible?
>
> Yes, I think so.
>
>> vos examine sw.readonly -cell altum.de
>
> sw.readonly   536871303 RO  3 K  On-line
>     rohan.altum.de /vicepa
>     RWrite  536871302 ROnly  536871303 Backup  0
>     MaxQuota   5000 K
>     Creation    Sat Sep 17 09:41:04 2011
>     Copy        Sat Sep 17 09:41:04 2011
>     Backup      Never
>     Last Access Sat Sep 17 09:40:59 2011
>     Last Update Sat Sep 17 09:40:59 2011
>     0 accesses in the past day (i.e., vnode references)
>
>     RWrite: 536871302 ROnly: 536871303
>     number of sites -> 2
>        server rohan.altum.de partition /vicepa RW Site
>        server rohan.altum.de partition /vicepa RO Site
>
> Is it because both are on the same partition? I guess not...

Hmm, for some reason not entirely clear to me, it now works as expected.

% pwd
/afs/altum.de
% touch sw/foo
touch: cannot touch `sw/foo': Read-only file system
% cd ../.altum.de
% touch sw/foo
% ll -g -n sw/foo
-rw------- 1 100 0 2011-09-18 10:16 sw/foo
% cd -
/afs/altum.de
% ll -g -n sw/foo
ls: cannot access sw/foo: No such file or directory
% vos release sw
Released volume sw successfully
% ll -g -n sw/foo
-rw------- 1 100 0 Sep 18 10:16 sw/foo

The only thing I did was to vos release _another_ volume that was
mounted below .../sw and which showed up as not released in the
output of vos listvldb. Does this also count as being on a
read/write path?

Bye...

Dirk


[OpenAFS] VL server preferences

2011-09-18 Thread Frank Burkhardt
Hi Everyone,

I'm currently doing a testrun with Ubuntu Natty + openafs 1.6.0 (Russ
Allbery's Debian package version 1.6.0-1).

When I do

 root@myhost fs setserver -vl someserver 1000

I get this message:

 This cache manager does not support VL server preferences.

This was working in 1.4.x. Is this a permanent change? Is there an
alternative to change VL-Server priority? Maybe via DNS (I'm using -afsdb)?

Regards,

Frank Burkhardt


Re: [OpenAFS] VL server preferences

2011-09-18 Thread Simon Wilkinson

On 18 Sep 2011, at 11:13, Frank Burkhardt wrote:

> Hi Everyone,
>
> I'm currently doing a testrun with Ubuntu Natty + openafs 1.6.0 (Russ
> Allbery's Debian package version 1.6.0-1).
>
> When I do
>
>  root@myhost fs setserver -vl someserver 1000
>
> I get this message:
>
>  This cache manager does not support VL server preferences.

My suspicion is that this has been broken by 718f85a8, which added validation 
checks to the data passed from user to kernel space as part of pioctls. If 
anyone wants to investigate, the bit of code to look at is the declaration for 
the SetSPrefs pioctl in src/afs/afs_pioctl.c

S.



Re: [OpenAFS] Re: OpenAFS and AD trusts

2011-09-18 Thread Danko Antolovic
Yes, the identical id's are pathological, although I do not recall 
anything particularly screwy about setting up either of those groups.  
The one thing that prdb_check turns up, and that looks vaguely wrong, is 
the zero header:


[root@afs1c db]# prdb_check -verbose -database prdb.DB0.copy -uheader
Ubik Header
  Magic   = 0x354545
  Size= 0
  Version.epoch   = 1316114301
  Version.counter = 2
Ubik header size is 0 (should be 64)
Database has 14 entries

What do you suggest?

Danko


Andrew Deason wrote:

On Fri, 16 Sep 2011 15:33:09 -0400
Danko Antolovic danto...@indiana.edu wrote:

  
Is the @ syntax implemented in the  fs setacl  command?  It looks as 
if only the first half of the foreign user/group name was considered. 



Yes; to just alleviate your fears (if I were in your situation, I would
be skeptical that 'fs' accepted that syntax), I can certainly do this:

$ fs sa /afs/.localcell system:authu...@iu.edu l
$ fs la /afs/.localcell
Access list for /afs/.localcell is
Normal rights:
  system:authu...@iu.edu l
  system:administrators rlidwka
  system:anyuser rl

  

What am I missing?



I'm not sure how the pt database managed to get in this state, but
something appears pretty screwed up. Just to show you what this would
normally look like:

$ pts examine system:authuser
Name: system:authuser, id: -102, owner: system:administrators, creator: system:administrators,
  membership: 0, flags: S-M--, group quota: 0.
$ pts examine system:authu...@iu.edu
Name: system:authu...@iu.edu, id: -5029, owner: system:administrators, creator: adeason,
  membership: 0, flags: S-M--, group quota: 0.

But your cell looks like:

$ pts examine system:authuser -cell afs1.bedrock.iu.edu -noauth
Name: system:authuser, id: -102, owner: system:administrators, creator: system:administrators,
  membership: 0, flags: S-M--, group quota: 0.
$ pts examine system:authu...@ads.iu.edu -cell afs1.bedrock.iu.edu -noauth
Name: system:authuser, id: -102, owner: system:administrators, creator: system:administrators,
  membership: 0, flags: S-M--, group quota: 0.

Note that both groups appear to be pointing at the same id, even though
'listent -groups' lists a different one, suggesting that the ptdb is
corrupt, probably due to a name hash chain pointing at the wrong thing.

Do you have the tool prdb_check? Copy prdb.DB0, and run
'prdb_check prdb.DB0.copy'.

  


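The Ubik header check that prdb_check reports in the last message above ("Ubik header size is 0 (should be 64)"), as an added example that is not part of the thread and not OpenAFS code. The magic value and the expected size of 64 come from the quoted output; the field layout (big-endian int32 magic, int16 pad, int16 size, two int32 version fields) is an assumption, and the function names are hypothetical.

```python
import struct

UBIK_MAGIC = 0x354545  # "Magic" value shown in the prdb_check output
UBIK_HDRSIZE = 64      # "should be 64" in the prdb_check output

# Assumed on-disk layout, big-endian: int32 magic, int16 pad, int16 size,
# int32 version.epoch, int32 version.counter; the rest of the 64 bytes is padding.
_HDR = struct.Struct(">IhhII")


def parse_ubik_header(buf):
    """Decode the leading header fields of a database copy."""
    if len(buf) < _HDR.size:
        raise ValueError("short header: %d bytes, need %d" % (len(buf), _HDR.size))
    magic, _pad, size, epoch, counter = _HDR.unpack_from(buf)
    return {"magic": magic, "size": size, "epoch": epoch, "counter": counter}


def check_ubik_header(hdr):
    """Return a list of findings; an empty list means the header looks sane."""
    findings = []
    if hdr["magic"] != UBIK_MAGIC:
        findings.append("Ubik header magic is 0x%x (should be 0x%x)"
                        % (hdr["magic"], UBIK_MAGIC))
    if hdr["size"] != UBIK_HDRSIZE:
        findings.append("Ubik header size is %d (should be %d)"
                        % (hdr["size"], UBIK_HDRSIZE))
    return findings


def check_db_copy(path):
    """Check a copy of the database file (e.g. prdb.DB0.copy), not the live one."""
    with open(path, "rb") as f:
        return check_ubik_header(parse_ubik_header(f.read(UBIK_HDRSIZE)))


# Constructed sample: header bytes rebuilt from the values printed in the thread.
SAMPLE_ZERO_SIZE = _HDR.pack(0x354545, 0, 0, 1316114301, 2).ljust(UBIK_HDRSIZE, b"\0")
# Constructed sample: the same header with the expected size field.
SAMPLE_OK = _HDR.pack(0x354545, 0, 64, 1316114301, 2).ljust(UBIK_HDRSIZE, b"\0")

if __name__ == "__main__":
    for name, raw in (("zero-size", SAMPLE_ZERO_SIZE), ("ok", SAMPLE_OK)):
        hdr = parse_ubik_header(raw)
        print(name, hdr, check_ubik_header(hdr) or "no findings")
```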