Coda File System

Re: FAQ: Is Coda ready for use?

From: Lionix <lio_at_absium.com>
Date: Tue, 02 Dec 2003 18:07:43 +0100
Joerg Sommer wrote:

>Are you sure? http://www.coda.cs.cmu.edu/doc/html/manual/x237.html says:
>
>"In addition to the Coda access lists, the three owner bits of the file
>mode are used to indicate readability, writability, and executability.
>You should use chmod(1) to set the permissions on individual files."
>  
>
Well..... Let's try again !

logrus:/coda/RootMaison$ l
total 261
drwxrwxrwx  157 root     nogroup    262144 Oct 26 20:39 data1
drwxrwxrwx    3 root     nogroup      2048 Nov  2 21:15 data2
-rw-------    1 root     root          122 Dec  2 16:59 ici-root-rk
drwxr-xr-x    3 sync     nogroup      2048 Oct 28 01:28 www

logrus:/coda/RootMaison$ id
uid=1000(lionix) gid=1000(lionix) groups=1000(lionix),29(audio)

logrus:/coda/RootMaison$ ctokens
Tokens held by the Cache Manager:
Local username: lionix

    @RootMaison
        Not Authenticated

logrus:/coda/RootMaison$ cat ici-root-rk
ahahahha you are on the root-replicated volume....
What are you doing here .????? :o)

logrus:/coda/RootMaison$ cfs la ./
      System:AnyUser  rl
System:Administrators  rlidwka

Even as root, chmod and chown work only when I am authenticated!
Logic : root process had ACL to let me change the bit-permissions
API are over the unix permissions.

With the help of Stephen J Turnbull's graph, I would say that the unix 
process tries to access the file through a VFS downcall, and as the upcall 
to venus checks the coda ACL and returns something like "user can read", 
that is enough for it!
I don't know where the implementation of the unix permission mechanism is, 
but I would bet it's somewhere under another type of downcall to the 
kernel (ext3fs?).

>pam_kerberos works, but this isn't relevant. What I want to know is, does
>coda grants access if a valid kerberos token is present and does the
>kerberos UID match the coda uid - otherwise ls prints false user names?
>  
>
You'll perhaps have to set up uid in coda to be the same as your 
kerberos server.

>BTW: http://www.coda.cs.cmu.edu/doc/html/manual/x197.html says a token
>expires after 25 hours. Is this tunable? How to grant access for system
>services like apache? If users have in their home a webspace ~/.www/
>which is accessible through http://www.foo.de/~user/. So apache needs an
>unlimited token. Is this possible?
>  
>
If the ACLs are set to system-anyuser readable, apache should be able to 
read the content of the directory.
Giving apache an account in coda is a good idea...
For the unlimited token you can clog apache via a cron script.
I currently added a symlink in the SysVinit scripts so that apache is 
clogged at the end of the boot process too...
Woooops I had to reboot.... :-)

>Well, cache isn't the right word. I mean the disk cache. I would like to
>turn them on and off at runtime like a swap partition.
>  
>
Interesting...

-- 
Lionix
FS-Realm (newbee?) Administrator
Hundreds hours of work but so powerful !
Received on 2003-12-02 13:06:48
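
An added illustration, not part of the original message and not Coda code: a simplified Python model of the access decision the session above demonstrates, where the directory ACL is combined with only the owner bits of the file mode, as the quoted manual sentence describes. The function names, the operation-to-right mapping and the administrator case are assumptions made for the example; the ACL text and the 0600 mode come from the listing in the message.

```python
import stat

# Output of `cfs la ./` copied from the message above.
CFS_LA = """\
      System:AnyUser  rl
System:Administrators  rlidwka
"""

# Assumed mapping for this model: which ACL right and which owner mode bit
# each operation needs.
NEEDS = {"read": ("r", stat.S_IRUSR), "write": ("w", stat.S_IWUSR)}


def parse_acl(text):
    """Turn '<principal>  <rights>' lines into {principal: set(rights)}."""
    acl = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2:
            acl[fields[0]] = set(fields[1])
    return acl


def may_access(acl, memberships, mode, operation):
    """Simplified check: directory ACL right AND the file's owner bit.

    Group/other bits and the file's Unix owner are deliberately ignored,
    following the manual sentence quoted in the message.
    """
    right, owner_bit = NEEDS[operation]
    granted = set()
    for principal in memberships:
        granted |= acl.get(principal, set())
    return right in granted and bool(mode & owner_bit)


ACL = parse_acl(CFS_LA)
ANON = {"System:AnyUser"}  # no token held, as in the `ctokens` output
ADMIN = {"System:AnyUser", "System:Administrators"}  # constructed case

if __name__ == "__main__":
    # ici-root-rk is -rw------- (0600) and owned by root in the listing.
    print("anon read :", may_access(ACL, ANON, 0o600, "read"))
    print("anon write:", may_access(ACL, ANON, 0o600, "write"))
    print("admin write:", may_access(ACL, ADMIN, 0o600, "write"))
    print("admin write, owner bits r--:", may_access(ACL, ADMIN, 0o400, "write"))
```

The first result matches the `cat ici-root-rk` in the session: a mode that would keep the file private to root on a local filesystem does not do so here, so confidentiality on a Coda volume has to be enforced through the directory ACL.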