Techy Information by yurtgc548


									Techy Information
  Anandha Gopalan
 September 13, 2006
                Outline
   AFS overview
   Departmental software
   Departmental machines
   The ticket system
   Help !!!
             AFS overview
   What is AFS ?
    • Andrew File System
    • 1984 - Developed at CMU as part of
      Project Andrew
    • 1989 - Transarc Corporation founded to
      commercialize AFS
    • 1998 - Transarc acquired by IBM
    • 2000 - IBM releases OpenAFS under the
      IBM Public License (IPL)
                  Why AFS ?
   Security: authentication via Kerberos 4
   Fine grained control over file permissions
    • Can give individual users access to files and
      directories
   Accessible via both UNIX and Windows 
   More information about clients:
    • http://www.openafs.org/
               AFS permissions
   Access Control Lists (ACLs) grant permissions on
    a per user and group basis. Each directory has an
    ACL that controls the directory and the files in it
   There are seven permissions that may be
    granted, to either groups of users or individuals
    • System-defined groups exist, but you can define your
      own groups
    • ACLs always are applied to directories rather than to
      individual files
   Files are governed by the ACL on their directory
    • If you change the ACL on a directory, access to all of its
      files changes
    • Subdirectories inherit the ACLs of their parent directory
                 AFS permissions
   AFS ACLs work in conjunction with the
    standard Unix "owner" permissions. Only
    the owner permissions have an effect on
    AFS file access
    • Unix permissions for "group" and "other" do
      not affect AFS file access.
    • A user with appropriate AFS permissions can:
          read a file only if the UNIX "owner read" mode is set.
          write to a file only if the UNIX owner "read" and
           "write" modes are set.
          execute a file only if the UNIX owner "read" and
           "execute" modes are set.
                AFS permissions
   Lookup: l, allows a user to list the contents of the AFS
    directory, examine the ACL associated with the directory
    and access subdirectories.
   Insert: i, allows a user to add new files or subdirectories to
    the directory.
   Delete: d, allows a user to remove files and subdirectories
    from the directory.
   Administer: a, allows a user to change the ACL for the
    directory. Users always have this right on their home
    directory, even if they accidentally remove themselves from
    the ACL.
   Read: r, allows a user to look at the contents of files in a
    directory and list files in subdirectories.
   Write: w, allows a user to modify files in a directory.
   Lock: k, allows the processor to run programs that need to
    "flock" files in the directory.
                AFS permissions
   System-groups in AFS
    • system:anyuser
         Any user in the world who can gain access to your
          cell. This is a very broad group, and caution should
          always be used when granting any access to this
          group
    • system:authuser
         Everyone who is currently authenticated in your cell
    • system:administrators
         A few users in the cell who have been designated as
          AFS system administrators
                AFS pitfalls
   I have -rw------- on my file, but it
    can still be read by others
    • Check the directory permissions
    • AFS works at the directory level; the UNIX
      "group" and "other" permissions are ignored
    • For a file to be executable, it still needs
      to have the correct UNIX permissions !!!
                   AFS pitfalls
   How do I check if I have safe
    permissions ?
    • /usr/local/bin/checkafsperms directory
         This checks the permission on a directory
    • /usr/local/bin/checkafshier directory
         This checks the permission on a directory
          hierarchy
    • These commands only work on Linux
    • These commands report if any directory
      has permissions: i,d,w,k,a
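
An added example, not the department's checkafsperms or checkafshier scripts: a shell function that reads `fs listacl` output and reports every normal-rights entry granting i, d, w, k or a to a principal other than the owner or system:administrators. That exemption, the cell path /afs/example.edu and the users dory and marlin are assumptions made for the illustration; the sample ACL listing is constructed.

```shell
#!/bin/sh
# Added example: audit AFS ACLs for the rights the slide calls out (i,d,w,k,a).
# Reads `fs listacl` output on stdin; $1 is the directory owner's AFS username.
# On a real cell (assumes the OpenAFS `fs` client is on PATH):
#   find . -type d -exec fs listacl {} \; | risky_acl_entries nemo

risky_acl_entries() {
    owner=$1
    awk -v owner="$owner" '
        /^Access list for / {
            # Remember which directory the following entries belong to.
            dir = $0
            sub(/^Access list for /, "", dir)
            sub(/ is$/, "", dir)
            section = ""
            next
        }
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }
        # Negative rights take access away, so only normal rights are audited.
        section == "normal" && NF == 2 {
            if ($1 == owner || $1 == "system:administrators") next
            if ($2 ~ /[idwka]/) print dir, $1, $2
        }
    '
}

# Constructed sample in the format `fs listacl` prints.
sample_listacl() {
    cat <<'EOF'
Access list for /afs/example.edu/usr/nemo/public is
Normal rights:
  system:anyuser rl
  nemo rlidwka
Access list for /afs/example.edu/usr/nemo/private is
Normal rights:
  system:authuser rliw
  system:administrators rlidwka
  nemo rlidwka
Negative rights:
  dory rlidwka
Access list for /afs/example.edu/usr/nemo/private/drafts is
Normal rights:
  marlin rlk
  nemo rlidwka
EOF
}

sample_listacl | risky_acl_entries nemo
```

The public directory passes because system:anyuser holds only r and l; the two reported lines are the authuser write/insert grant and the lock right given to another user.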
                   AFS pitfalls
   2 GB file size limitation
    • Though you don’t really need this 
   Tokens expire after 24 hours
    • A klog will get you new tokens
    • tokens will show available tokens
    • Use reauth to run programs > 24 hours
   Cannot set recursive permissions
    • Workaround available
         To give all permissions to user nemo recursively:
             $ find . -type d -exec fs sa {} nemo all \;
             AFS directory setup
   public
    • Directory that can be read and listed by all
    • Contains a directory html under which users
      can create their web pages etc...
   private
    • Accessible only by the user
   Backup
    • Link in the home directory which contains the
      backup that is a day old
    • For older backups, ask tech
      Special AFS user agents
   mailserver
    • Any process using the mail server has
      this username
    • Can be used for spam filtering using
      SpamAssassin
   webserver
    • Any process using the http protocol
    • Can be used for providing correct access
      to user web pages, cgi programs etc…
          Department software
   Information about new software installed
    on Linux/Solaris can be found at:
    http://www.cs.pitt.edu/~tech/software
   /usr/local/contrib contains software that is
    used by a small number of people; it is
    either something new or experimental
    • You can contribute by installing s/w in this
      directory (ask tech about it)
   /usr/local contains software that is needed
    and used by the majority of people in the
    department
          Departmental machines
   The Linux machines
    • Can be accessed as: linux.cs.pitt.edu or
      elements.cs.pitt.edu
         Some machines are: arsenic, antimony,
          oxygen, hydrogen, nitrogen, selenium
   Solaris 9 machines
    • Can be accessed as: blitz.cs.pitt.edu
      and javalab.cs.pitt.edu, (need to use
      your pitt account for javalab.cs.pitt.edu)
              The ticket system
   Any email sent to tech@cs.pitt.edu is
    logged into the ticket system
    • Issues a ticket number that is used to
      keep track of this ticket
    • Rather than sending an email, visit:
      http://ticket.cs.pitt.edu and login with
      your AFS username and password
         Helps in keeping track of your tickets
         Be clear when you ask for something
           • If necessary, mention your machine name, OS,
             room number. Trust me, it helps.
                     HELP !!!
   In case you are wondering:
    • How on this blue-green planet do I do
      this ?????
         Some answers are provided at:
          http://www.cs.pitt.edu/~tech
         Has a link to an FAQ with a lot of answers
         Has a link to the tech newsletter
         Has a link to the upgrades and software
          installation by the software TA
?????

								