Coda File System

5.3.12 server problem

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Mon, 22 Jan 2001 18:08:43 -0500
Every new release seems to introduce yet another server problem.

With 5.3.12, when an SCM is installed from scratch, the ACL on newly
created volumes is incorrect and clients cannot access them.

Any installation that reuses PDB databases which have been created by a
previous Coda installation will work fine. So upgrading existing servers
is not a problem.

The correct fix for people who are building from source is attached to
this mail (and already committed into the CVS).

For those who would like to use the prebuild 5.3.12 binaries, need to
make sure that the System:AnyUser group has a higher number than
System:Administrators.

Before running vice-setup, apply the following patch to
/usr/sbin/vice-setup-user:

=====================================
--- vice-setup-user.orig	Fri Jan 19 12:45:36 2001
+++ vice-setup-user	Mon Jan 22 17:56:02 2001
@@ -109,8 +109,8 @@
 cat > pdbsetup <<EOF
 nui System 1
 nui $username $userid
-ng System:Administrators $userid
 ng System:AnyUser System
+ng System:Administrators $userid
 EOF
 
 pdbtool source pdbsetup
=====================================

If you already created the pdb database, use pdbtool to fix the problem.

Check whether we have a problem:
    # pdbtool l System:AnyUser
    System:AnyUser's id is -2
    # pdbtool l System:Administrators
    System:Administrators's id is -1

Yes, because the id of AnyUser is less than that of Administrators.
Fix the problem.

    # pdbtool ci System:Administrators -3
    # pdbtool ci System:AnyUser -1
    # pdbtool ci System:Administrators -2
    # pdbtool ag System:Administrators <adminid>

Restart the server, and new volumes will be created correctly. A client should
be able to mount the previously created root volume, although the ACL will be
the wrong way around.

    $ clog <adminuser>
    $ cfs sa /coda System:Administrators all
    $ cfs sa /coda System:AnyUser rl

Jan

========================================================
Index: coda/coda-src/volutil/vol-create.cc
diff -u coda/coda-src/volutil/vol-create.cc:4.29 coda/coda-src/volutil/vol-create.cc:4.30
--- coda/coda-src/volutil/vol-create.cc:4.29	Thu Jan 18 09:31:14 2001
+++ coda/coda-src/volutil/vol-create.cc	Mon Jan 22 11:54:16 2001
@@ -258,10 +258,14 @@
     ACL->PlusEntriesInUse = 2;
     ACL->MinusEntriesInUse = 0;
 
-    ACL->ActualEntries[0].Id = adminid;
-    ACL->ActualEntries[0].Rights = PRSFS_ALL;
-    ACL->ActualEntries[1].Id = anyuserid;
-    ACL->ActualEntries[1].Rights = PRSFS_READ | PRSFS_LOOKUP;
+    /* ACL's are assumed to be going from lower to higher id number. This
+     * makes the AL_CheckRights function more efficient. However, we now have
+     * to insert the admin and anyuser ACL's in the correct order. */
+    adminindex = adminid < anyuserid ? 0 : 1;
+    ACL->ActualEntries[adminindex].Id = adminid;
+    ACL->ActualEntries[adminindex].Rights = PRSFS_ALL;
+    ACL->ActualEntries[1 - adminindex].Id = anyuserid;
+    ACL->ActualEntries[1 - adminindex].Rights = PRSFS_READ | PRSFS_LOOKUP;
 
     /* set up vnode info */
     vnode->type = vDirectory;
Received on 2001-01-22 18:08:51