Coda File System

acls and unauthenticated clients

From: Patrick Walsh <pwalsh_at_esoft.com>
Date: Wed, 13 Apr 2005 10:55:57 -0600

	It seems that unauthenticated clients do not have the permissions that
they should have.  I want unauthenticated users to be able to do an ls
in the root dir of the realm.  It seems I must be missing something, but
a search of the mail archives and documentation has so far been
fruitless.

	My understanding was that the System:AnyUser group determines
permissions for unauthenticated users, yet look at the following:

# cfs la /coda/myrealm
      System:AnyUser  rl
System:Administrators  rlidwka
# ctokens
Tokens held by the Cache Manager for root:
    @myrealm
        Not Authenticated
# ls /coda/myrealm
ls: /coda/myrealm/: Permission denied

	If I authenticate as a user, I can view everything properly.  So it
seems that the unauthenticated user isn't being associated with
System:AnyUser.  pdbtool list has this (I've cut some things out):

USER System
  *  id: 1
  *  belongs to groups: [ -2 ]
  *  cps: [ -2 1 ]
  *  owns groups: [ -2 ]
GROUP System:AnyUser OWNED BY System
  *  id: -2
  *  owner id: 1
  *  belongs to no groups
  *  cps: [ -2 ]
  *  has members: [ 1 ]
GROUP System:Administrators OWNED BY codaroot
  *  id: -1
  *  owner id: 500
  *  belongs to no groups
  *  cps: [ -1 ]
  *  has members: [ 500 ]

	Does System:AnyUser or System need a magic id number?  Or do I need a
special user account?  I was trying to see what you did at
coda.cs.cmu.edu to make this work, but I'm unable to do more than a `cfs
la` and that looks identical to mine.

	Anyone have any thoughts?  I'm sure this has been covered in the
mailing list, but I'm just having a hard time finding it.  Believe me,
I've tried.

	This is using coda 6.0.8.

Thanks,

-- 
Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
http://www.esoft.com/

Received on 2005-04-13 12:57:02