Coda File System

Re: ACL and Groups

From: Jan Harkes <>
Date: Fri, 19 Dec 2003 14:25:33 -0500
On Thu, Dec 18, 2003 at 12:19:59PM -0500, Samir Patel wrote:
> Also, trying to remove a group from a group fails with the following
> assertion:
> Assertion failed: PDB_ISGROUP(groupId) && PDB_ISUSER(id), file "pdb.c",
> line 82

Ok, that assertion is a bit too strict, it should be

    CODA_ASSERT(PDB_ISGROUP(groupId) && (id != 0));

> But adding a group to a group works just fine though...

Hmm, I'm looking at the code and wonder if the add works right if we
first create AllGroups, then add (empty) GroupX groups to that, and
finally add the users to the GroupX groups.

... let's try ...

I did the following in pdbtool,

    # create users
    nu admin
    nu user1
    nu user2

    # create groups
    ng allgroups admin
    ng group1 admin

    ag group1 user1
    ag allgroups group1
    ag group1 user2

In principle, user1 and user2 should have pretty much the same cps
(current protection set?)

    pdbtool> i user1
    USER user1
      *  id: 8
      *  belongs to groups: [ -4 ]
      *  cps: [ -4 8 ]
      *  owns no groups
    pdbtool> i user2
    USER user2
      *  id: 9
      *  belongs to groups: [ -4 ]
      *  cps: [ -4 -3 8 ]
      *  owns no groups

Aha, gotcha. When a user is added to a group, we rebuild the CPS so that
it includes all groups that we are directly or indirectly a member of.
However when we add group1 to allgroups, we don't seem to rebuild the
CPS of the existing member (user1).

And when we remove group1 from allgroups, the CPS isn't correctly
updated either. It looks like the updateCpsChildren function isn't

Received on 2003-12-19 14:27:10