On 01/12/2010 02:50 AM, "Karl Tißner" sent:
>>> Since it is not possible to create an user with AFS UID "0", all files
>>> created by root are not owned by root (Debian Linux, root has UID 0):
>>>
>>> # pts createuser -name testtest -id 0
>>> 0 isn't a valid user id; aborting
>>>
>>> What is the
On 01/11/2010 05:21 AM, "Karl Tißner" sent:
> Hello openafs-info,
>
> This seems to me like an frequently asked question, but I didn't find
> the answer searching the web.
>
> When writing into an AFS directory, the file ownership is set to the
> appropriate AFS id, not the Unix UID of the the
We have a process that may run on any number of clients and at various
times, the result of each run is to drop a small file into a common
directory. These files represent queued work requests that get done in
batches about once per hour by another process running on a single
server. That process d
Would it make sense to say f'rinstance "+w" rather than "w+" to keep it
similar to "chown"? Seems like having two different ways to accomplish
such similar ideas is just the sort of thing that keeps the WIMP crowd
shaking their heads at the command-liners. -- todd_le...@unc.edu
On 12/16/2008 01:42
I've got quite a bit of code that does flock() on files in AFS, but I've
always worked under the assumption that this would only work if a single
client is doing the writing. I don't recall whether that assumption was
based on empirical testing, reading it somewhere, or being told. In
those few
Simon Wilkinson wrote:
On 27 Aug 2008, at 02:18, Chas Williams (CONTRACTOR) wrote:
In message
<[EMAIL PROTECTED]>,Mike Shaddock
writes:
I'm looking for a version of du where the -x option (skip directories
on different file systems) doesn't traverse an AFS mount poi
nt. Haven't been able
Jeffrey Altman wrote:
The way I would have implemented this functionality would be for the
file to be moved into the local client's cache and removed from the
file server since the file has now been unlinked and can therefore
not be referenced by other clients. It would then be the client's
re
Jeffrey Altman wrote:
John Hascall wrote:
Which, coming back full circle, is why we seem to be stuck with
the icky extra-protocol hack of using afs-k5 vs afs.
This is a pointless discussion. We aren't going to break existing
deployments of AFS.
I found the discussion informative, in
Harald Barth wrote:
[EMAIL PROTECTED] ~ % LANG="" ll /afs/grand.central.org/
ls: cannot access /afs/grand.central.org/local: No such file or directory
ls: cannot access /afs/grand.central.org/software: No such file or directory
total 14K
drwxrwxrwx 3 root root 2.0K Jun 17 2004 archive/
drwxrwx
Todd M. Lewis wrote:
Derrick J Brashear wrote:
On Sun, 2 Sep 2007, Adam Megacz wrote:
A user's rights on a directory are effectively moot unless s/he has
"l" permissions on every ancestor directory (up to the volume root).
So you could say that the "transitive"
Derrick J Brashear wrote:
On Sun, 2 Sep 2007, Adam Megacz wrote:
A user's rights on a directory are effectively moot unless s/he has
"l" permissions on every ancestor directory (up to the volume root).
So you could say that the "transitive" acl of a directory is its acl
minus permissions whi
Is there a way to tell the fileservers not to talk to clients below a
certain rev, or only allow reads? That should encourage them to upgrade.
Or leave. Not nice maybe, but if old clients can DoS your servers...
Jeffrey Altman wrote:
Matthew Cocker wrote:
I wish. I still have people using 1.3
Zach wrote:
On 7/9/07, Thomas Kula <[EMAIL PROTECTED]> wrote:
AFS does not do read/write replicas.
Why can't/doesn't it do this? Just curious.
Several possible answers.
(1) It's a _really_ hard problem (with surprisingly little payoff IMHO;
better to put that effort into buying and main
Zach wrote:
I was talking to our sys admin. about allowing us users to run cgi
programs from our afs accounts (served from $HOME/www which has
"system:anyuser rl") and asked if the web server could do this and was
told first that the CMU AFS team was working on a way to make CGI
principles for
Adnoh wrote:
Hello @all
I'm new to afs and have a litte problem which I'm not able to solve:
I'm using openafs 1.4.1-r1 on a Gentoo-Linux box. I've created a folder
/afs/.mydomain/test and a pts user 192.168.0.1 + 192.168.10.1 and a pts
group afshosts with these users as members.
then I "fs se
On Thu, Mar 29, 2007 at 10:07:42AM +0200, Gert Burger wrote:
We are currently switching to openafs but are concerned about how to
backup our data.
My problem with dumping a volume and doing a backup of that is that it
seems difficult to do incrementals.
We only have enough space for about 3x
I'm afraid you're going to be disappointed, unless you have only one
OpenAFS server. The OpenAFS clients communicate with whichever server(s)
house the volumes they are trying to use. Volumes contain what looks
like a directory of subtrees with files, directories, and symbolic
links, but they c
I see a need for both solutions. Would it be possible to change the
behaviour on a per-fileserver basis? That you could allow one scenario
on volumes on fileserver a and allow the other on fileserver b.
Perhaps a flag to the fileserver on start-up to select which method the
cell admin would lik
Life gets interesting when multiple files with the same name have been
deleted, but maybe you don't care about that (I would).
Not so interesting. The function to list the entries reports multiple
files with the same name.
... and how do you pick which one you're undeleting?
I mean, I know
Matt Hampton wrote:
Hi
I have probably missed this whilst looking through the FAQ so forgive me
if I am asking stupid questions.
These are good questions, but I don't think you'll like these answers.
I am looking to migrate to a DFS to provide increased resilience to our
business and to al
Daniel Miller wrote:
Is there a way to do fs setacl recursively?
-Daniel
Here's a recursive "fs sa" for afs using xargs:
find . -noleaf -type d -print0 | xargs -0 -n 2 fs sa -acl XX YY -dir
A few things to notice:
* -noleaf in AFS makes find do the Right Thing at the root of volumes.
*
Brian Sebby wrote:
We're going to be upgrading our AFS cell in the coming months, and my boss
has informed me that he wants to change the names of our AFS database servers
from their current domain (which is our old department name) to our new
server subdomain.
This question got me thinking ab
Jeffrey Altman wrote:
With the deadlock removed, saving files from Microsoft Office
applications in Frank's environment does not result in a delayed
write error. [...]
This fix will appear in 1.4.2 and 1.5.2.
Jeffrey Altman
Just to be clear, is this a server fix or a client fix?
--
+--
You might be surprised at the differences between what you think should
be in the cache and what actually should be there. But in any case, the
client doesn't have any sort of multi-policy cache capabilities that I'm
aware of.
If you've got a list of files that you really want to keep cached,
Jeffrey Altman wrote:
I have tested the functionality on Windows 2003 SP1 and everything
behaves exactly as it should. It doesn't matter whether I copy or
move from the command line or whether I drag/drop 1000 files or
whether I copy/paste files. It all works just fine.
So as far as I am co
Jeffrey,
Your explanation of the error flows through the various levels is
informative, and I believe you are 100% right on the level you are
talking about.
From the user's perspective, however, all he sees is that he goes to
move/copy a file with the standard tools the Desktop provides, and
Perhaps it's related to home directory issues, but based on my
experience, I think you're running into an issue with SELinux. The
default SELinux policies make /afs basically invisible to httpd. As a
quick test, you can disable SELinux enforcement (see
/etc/selinux/config), reboot, and see if
If you're running Apache on Fedore Core 4 and SELinux is enabled, Apache
won't be able to see anything in AFS. The easiest solution is to
disable SELinux, but then you don't get any of SELinux's protections.
Alternatively, you can use audit2why to find out what it is about your
SELinux policy
[EMAIL PROTECTED] wrote:
On 10/28/05, Joe Buehler <[EMAIL PROTECTED]> wrote:
Something of importance, is putting sensitive information like ssh
private keys and PGP keys, etc in AFS is a bad idea unless you have
encryption in there someplace. Same is true for any network based
filesystem.
That's not a problem; that's how it's supposed to work.
Think about it this way. Say you have a cell with, oh, 40,000 active
users (like us), and your desktop machine is an AFS client. How do you
control which of those 40,000 people can login to your machine? You
only put in /etc/passwd those
Simeon Miteff wrote:
[...]
Looking at the public CellServDB, I can't help wondering how AFS servers
are connected at other universities? Are we overly firewalled?
Yes.
Do other HPC centres maintain separate AFS cells for cluster users?
No.
Any thoughts?
You gain nothing by replicatin
Jiann-Ming Su wrote:
On 9/27/05, Chris Crowther <[EMAIL PROTECTED]> wrote:
Jiann-Ming Su wrote:
Also, I'm not at the point where I can sniff the traffic yet, but is
the network traffic encrypted? Thanks for any insights.
If you choose for it to be, it is.
And how do I verify th
Lester Barrows wrote:
In an out-of-band discussion, Jeffrey Altman has managed to convince me (not
an easy task mind you!) that Transarc AFS servers are more likely the cause
of our NAT troubles with AFS clients. For this reason I'm amending my initial
statement to say that if you access Tran
Cédric CACHAT wrote:
Hello,
this is the first time I write and I am pretty new to AFS. I have a
question regarding mount points in AFS.
Here is what I'm trying to achieve:
I want all my users to have their home directory in AFS, the plan is to
set an AFS tree looking like:
/afs/cell/usr/ho
rogbazan wrote:
Hi,
i´m installing a client on a HP-UX, i knew that the file system type
where /usr/vice and /usr/vice/etc will be has to be (and only) hfs, is
that correct?
Could i create those dirs on a volume manager FS?
This is my first time on the issue (HP-UX).
I´ve been trying to find that
Rodney M Dyer wrote:
At 01:49 PM 4/5/2005, Derrick J Brashear wrote:
use the -noleaf option to find. it's not an afs bug, so you found no bug.
Actually, why isn't this a bug? He doesn't need the -noleaf option if
there is at least one other "real" directory in the root of the
directory he is t
Andrew Velikoredchanin <[EMAIL PROTECTED]> wrote:
This meen - I can not update files on replication valumes?
That's correct.
I need
generaly add new files and remove old files on this valumes - no need
change files.
It doesn't matter. The replication is not at the file level, it's at the
volume
Derrick J Brashear wrote:
On Tue, 22 Mar 2005, Bob Cook wrote:
On Monday, March 21, 2005, Todd Lewis wrote:
Not quite. The owner of a directory has implied administrator
rights in that directory.
[...] although Todd is right about the behavior, Derrick
Brashear acknowledged at last year's Best Pra
[EMAIL PROTECTED] wrote:
Hello everybody,
I'm setting up an OpenAFS-cell, now I want to configure my firewall
but don't know wich ports are used by OpenAFS. Can someone help me?
You didn't indicate what type of firewall you are configuring. However, here
are the relevant lines from my /etc/syscon
Dexter 'Kim' Kimball wrote:
In general AFS doesn't care about ownership/mode bits -- ignores them
entirely on directories,
Not quite. The owner of a directory has implied administrator rights in that
directory. That may be relevant here. Or not. Whatever.
--
+--
Jeffrey Altman wrote:
Rolandas Naujikas wrote:
P.S. Sorry for not be able support the efforts to improve code, but I
have too much work.
I'm not sympathetic. We all have too much work. If you are going to
rely on an open source technology and its community to provide services
to your end users
Derek Atkins wrote:
Matthew Cocker <[EMAIL PROTECTED]> writes:
v) are groups of groups possible?
I know there were patches available to make this happen. I do not
know if they were ever merged back into the openafs mainline.
Wow. Was this a server- or client-side thing? Would this cause
strangen
Derek Harkness wrote:
Correct I'm replicating my home volumes. My solution to not having
read-write replication is just releasing the volumes every couple of
minutes or whenever they need to be released.
[Sigh] This is not recommended.
But if that isn't possible or not recommended then AFS is re
Jeffrey Hutzelman wrote:
[...] Don't use them in [...] email messages [...].
Otherwise you _will_ regret it later.
Yup. I sure do regret putting one in the email to this list that lit the
fuse on this discussion. My mozilla's "delete" button is 'bout wore out.
--
+-
Jim Rees wrote:
'/afs/isis' is a symbolic link, leading to a mount point for
volume 'root.cell'.
So you broke one of the most important features of afs, the global name
space. Why?
'Cause we're stupid? 'Cause I didn't want to make an already too long
message even longer?
Actually, we thou
Joshua Johnson wrote:
> So, at the risk of starting something here, I am going to ask what
other
peoples experiences are with placing /usr/local in AFS and sharing among
machines of same @sys type (much like the AdminGuide suggests).
I think it depends on how much administrative control you exp
/nss_pts_0.2.tgz if you're interested.
It's GPL'd, 'cause it uses code from samba, so I don't know how that
mixes/matches with other OpenAFS contribs. Just do the Right Thing.
Happy computing,
--
[EMAIL PROTECTED]
In September, 2002, Todd M. Lewis wrote:
Greetings,
I'
Lester Barrows wrote:
[... good stuff about 'up' not preserving directory timestamps...]
It seems to work as-is, but begs the question: If it's that easy, do you (or
does anyone) know why this isn't done already?
Sure: Nobody's contributed the code. Seriously. When I added the bits
to make i
http://grand.central.org/twiki/bin/view/AFSLore/AdminFAQ#3_29_What_underlying_filesystems
http://grand.central.org/twiki/bin/view/AFSLore/SupportedConfigurations
yam wrote:
Hello,
I'm starting up an OpenAFS installation, and I've arrived to my first
dilema... What filesystem to use for openafs v
"Todd M. Lewis" wrote:
>
> Wout Mertens wrote:
> >
> > Anything else that is different versus 'regular' unix filesystems?
>
> * ACLs apply to whole directories
> * Only the first 3 bits of a file's permissions are relevant
> (which give
[EMAIL PROTECTED] wrote:
>
> I believe kpasswd should be kapasswd. kpwvalid is because I don't have
> the server installed.
kpwvalid is used by kapasswd to ensure the new password meets
requirements of the local site. By default, it only tests password
length, but you could add further tests (as
51 matches
Mail list logo