(Illustration by Gaich Muramatsu)
Joerg Sommer wrote:

>Are you sure? http://www.coda.cs.cmu.edu/doc/html/manual/x237.html says:
>
>"In addition to the Coda access lists, the three owner bits of the file
>mode are used to indicate readability, writability, and executability.
>You should use chmod(1) to set the permissions on individual files."
>
>

Well..... Let's try again!

logrus:/coda/RootMaison$ l
total 261
drwxrwxrwx 157 root nogroup 262144 Oct 26 20:39 data1
drwxrwxrwx   3 root nogroup   2048 Nov  2 21:15 data2
-rw-------   1 root root       122 Dec  2 16:59 ici-root-rk
drwxr-xr-x   3 sync nogroup   2048 Oct 28 01:28 www
logrus:/coda/RootMaison$ id
uid=1000(lionix) gid=1000(lionix) groups=1000(lionix),29(audio)
logrus:/coda/RootMaison$ ctokens
Tokens held by the Cache Manager:
Local username: lionix
    @RootMaison
        Not Authenticated
logrus:/coda/RootMaison$ cat ici-root-rk
ahahahha you are on the root-replicated volume....
What are you doing here .????? :o)
logrus:/coda/RootMaison$ cfs la ./
      System:AnyUser  rl
System:Administrators  rlidwka

Even as root, chmod and chown work only when I am authenticated!

Logic: root process had ACL to let me change the bit-permissions; API are over the unix permissions.

With the help of Stephen J Turnbull's graph, I would say that a unix process tries to access the file through a VFS downcall, and as the upcall to venus checks the coda ACL and returns something like "user can read", it's enough for him!

I don't know where the implementation of the unix permission mechanism is, but I would bet it's somewhere under another type of downcall to the kernel (ext3fs?).

>pam_kerberos works, but this isn't relevant. What I want to know is, does
>coda grants access if a valid kerberos token is present and does the
>kerberos UID match the coda uid - otherwise ls prints false user names?
>
>

You'll perhaps have to set up the uid in coda to be the same as on your kerberos server.

>BTW: http://www.coda.cs.cmu.edu/doc/html/manual/x197.html says a token
>expires after 25 hours. Is this tunable? How to grant access for system
>services like apache? If users have in their home a webspace ~/.www/
>which is accessible through http://www.foo.de/~user/. So apache needs a
>unlimited token. Is this possible?
>
>

If the ACLs are set to system-anyuser readable, apache should be able to read the content of the directory.
Giving apache an account in coda is a good idea...
For the unlimited token you can clog apache via a cron script.
I currently added a symlink in the SysVinit scripts in order for apache to be clogged at the end of the boot process too...
Woooops I had to reboot.... :-)

>Well, cache isn't the right word. I mean the disk cache. I would like to
>turn them on and off at runtime like a swap partition.
>
>

Interesting...

--
Lionix
FS-Realm (newbee?) Administrator
Hundreds hours of work but so powerful !

Received on 2003-12-02 13:06:48
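
The cron-driven clog suggested in the message above, as an added example that is not part of the original post: it re-authenticates only when ctokens reports "Not Authenticated" (the output shown in the session above) and refuses to use a password file that group or others can access. The account name, the password file path and the use of clog's -pipe option (password read from stdin) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original message or the Coda project.
# Assumed values: the Coda account name and the location of its password file.
CODA_USER="${CODA_USER:-apache}"
SECRET="${SECRET:-/etc/coda/apache.secret}"

# Reads ctokens output on stdin; succeeds when no valid token is held.
token_missing() {
    grep -q 'Not Authenticated'
}

# Succeeds only for a regular file (not a symlink) whose mode grants
# nothing to group or others, so the stored password is owner-only.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # In "ls -ld" output, characters 5-10 are the group and other bits.
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Obtain a fresh token for the calling Unix user if none is held.
refresh_token() {
    if ctokens | token_missing; then
        if ! secret_file_ok "$SECRET"; then
            echo "refusing to use $SECRET: must be owner-only" >&2
            return 1
        fi
        # Assumption: clog -pipe reads the password from stdin.
        clog -pipe "$CODA_USER" < "$SECRET"
    fi
}

# Only act when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--refresh" ]; then
    refresh_token
fi
```

Run it with --refresh from the crontab of the Unix user apache runs as, more often than the 25-hour token lifetime quoted above, since Coda tokens are held per local user.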