[710] in Info-AFS_Redistribution
Re: pts: ID 0 and groups of groups
daemon@ATHENA.MIT.EDU (Wallace Colyer)
Thu Apr 9 10:07:38 1992
Date: Thu, 9 Apr 1992 09:10:48 -0400 (EDT)
From: Wallace Colyer <wally+@andrew.cmu.edu>
To: Info-AFS@transarc.com
In-Reply-To: <9204090941.AA04383@xdm001>
Excerpts from internet.info-afs: 9-Apr-92 Re: pts: ID 0 and groups of..
Peter Lister@xdm001.ccc. (3035)
> What we should be able to do is set ACLs for package1:users ONLY, and do the
> rest with pts. Before the class:
You can not expect there to be an immediate result if you just change
the members of a group and not the acls.
Each fileserver only checks with the ptserver to see what groups you are
a member of once for each connection (connections are reestablished if
you reauthenticate). This means if you changed the members of a group
immediately before a class anyone who had contacted the fileserver prior
to that could still access the directory until their tokens expire.
This does not diminish the benefit of groups within groups, but it makes
the use you suggested unwieldy.
-Wallace