-
+[[!meta title="AFS and You"]]
<div style="float: right; font-size: 0.8em; background-color: #D0D0D0; margin: 1em;">
<ol>
drawn from a variety of sources. <br />
Credit goes to them, blame goes to him.
</p>
-<h1 id="WhatisAFS">What is AFS?</h1>
+<h2 id="WhatisAFS">What is AFS?</h2>
<p>
The <strong>Andrew File System</strong> or <strong>AFS</strong> is a distributed network file system invented at <a href="http://www.cmu.edu/index.shtml">Carnegie Mellon University</a> as part of Project Andrew (approximately their equivalent of MIT's Project Athena). More importantly, it is the file system used to store most files on Athena today. This includes your personal home directory, the data and websites of many living groups and student groups on campus, and probably some of the software you run (if you ever use Athena clusters). (Though all user directories were migrated from NFS in the summer of 1992, some files probably still remain on NFS and, of course, various file systems are used on personal computers and servers.)
<p>
For the most part, using AFS, particularly at MIT, is well-hidden and can be used like any other UNIX file system. For some things, you will need to know a bit more. Let's start by defining some terms.
</p>
-<h1 id="SomeMITAFSterminology">Some MIT/AFS terminology</h1>
+<h2 id="SomeMITAFSterminology">Some MIT/AFS terminology</h2>
<dl><dt><strong>locker</strong></dt><dd>
For practical purposes, a folder. Probably the what you'll care about most of the time. Technically any directory mountable under /mit, regardless of how its stored. Today, most lockers lockers are stored in AFS.
</dd></dl>
</dd></dl>
<dl><dt><strong>cell</strong></dt><dd>
-AFS concept of an "administrative domain of authority." Each cell has its own set of users, groups, and administrators. Analogous to a Kerberos realm. Each top-level directory in /afs corresponds to a cell. The cells you are most likely to care about are {{athena.mit.edu}} and {{sipb.mit.edu}}.
+AFS concept of an "administrative domain of authority." Each cell has its own set of users, groups, and administrators. Analogous to a Kerberos realm. Each top-level directory in /afs corresponds to a cell. The cells you are most likely to care about are <tt>athena.mit.edu</tt> and <tt>sipb.mit.edu</tt>.
</dd></dl>
-<h1 id="TheBasics">The Basics</h1>
+<h2 id="TheBasics">The Basics</h2>
<h2 id="TheLayoutofaTypicalMITLocker">The Layout of a Typical MIT Locker</h2>
<p>
Every Athena user has a locker (their home directory), which mounts at <tt>/mit/<username></tt>. From a technical standpoint, it is stored in the volume <tt>user.<username></tt> which is located at <tt>/afs/athena.mit.edu/user/<first letter>/<second letter>/<user name></tt>. For example, the user <tt>joeuser</tt> has a home directory that mounts at <tt>/mit/joeuser</tt>, is volume <tt>user.joeuser</tt>, and is accessible at <tt>/afs/user/j/o/joeuser</tt>. Lockers for projects, software, classes, living groups, and student groups are all mounted at <tt>/mit/<lockername></tt> and stored at various places in AFS.
If this information is good enough for you, then you are done. If not, read on.
</p>
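Review bot: Demoting "The Basics" to <h2> puts it at the same level as its own subsection, the unchanged <h2 id="TheLayoutofaTypicalMITLocker"> on the next line, so the section hierarchy is lost. Demote the subsection headings to <h3> in the same change, as the Troubleshooting entry already is. The same applies to "Controlling Who can Access Files" under Common Tasks and "Putting Software in a Locker" under Advanced Tasks.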
-<h1 id="CommonTasks">Common Tasks</h1>
+<h2 id="CommonTasks">Common Tasks</h2>
<h2 id="ControllingWhocanAccessFiles">Controlling Who can Access Files</h2>
<p>
You may be familiar with Unix permissions. Sad to say, but that knowledge is basically useless here. Whereas Unix permissions, are per-file, AFS permissions are controlled by <strong>Access Control List</strong>s (<strong>ACL</strong>s) on a per-directory basis.
</limit>
</pre></li></ul><ul><li>You can require the reader be (a) specific user(s), for example:
<pre> <limit GET>
- require user fawkes jflorey siptest jarandom
+ require user fawkes jflorey sipbtest jarandom
</limit>
</pre></li><li>You can require that the reader be a member of one of certain moira groups (notice these are <strong>moira</strong> groups, there is no "system:". For example:
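Review bot: The corrected name on the "require user" line is part of an access list that readers will copy into their own files, so the commit message should confirm that sipbtest is the intended account. A misspelled principal in such a list either locks out the intended user or names a different account. The requirement also sits inside <limit GET>, which scopes it to that request method only. If the server follows Apache's <Limit> semantics, requests using other methods are not covered by this block, and the surrounding text should say so.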
require group sipb-staff sipb-prospectives
</limit>
</pre></li></ul><p>
-There after the users should be able to get to the folders at <tt>http'''s'''://web.mit.edu/<locker>/<path to folder></tt> if they have certificates and no one should be able to reach it via http. Make sure to add yourself if you are going to be accessing it.
+There after the users should be able to get to the folders at <tt>http<b>s</b>://web.mit.edu/<locker>/<path to folder></tt> if they have certificates and no one should be able to reach it via http. Make sure to add yourself if you are going to be accessing it.
</p>
<p>
see also: <a href="http://web.mit.edu/is/web/reference/web-resources/https.html">http://web.mit.edu/is/web/reference/web-resources/https.html</a>
</p>
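Review bot: On the rewritten "There after" line, <b>s</b> is inconsistent with the rest of the page, which marks emphasis with <strong> (for example <strong>moira</strong>); use <strong>s</strong> instead. Since the line is being rewritten anyway, also correct "There after" to "Thereafter".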
-<h1 id="Troubleshooting">Troubleshooting</h1>
+<h2 id="Troubleshooting">Troubleshooting</h2>
<h3 id="ImtryingtoaccessmyfilesfslasaysIshouldhavepermissionsherebutitstillsays:Permissiondenied">I'm trying to access my files, <tt>fs la</tt> says I should have permissions here, but it still says <tt>: Permission denied</tt></h3>
<p>
There are two likely possibilities. First, its likely that your tokens may have expired. To get new tokens, make sure you have valid kerberos tickets and then run <tt>aklog</tt>. Another possibility is that you have tokens but not for the correct cell. <tt>tokens</tt> will tell you what tokens you already have. In all likelihood, if you are reading this, you probably want <tt>aklog athena sipb</tt>. Finally, a third possibility is that your group membership has changed since you acquired tokens. Try running <tt>aklog -force</tt>
<p>
There may be a non-scheduled AFS outage. Check <a href="http://3down.mit.edu">3down</a>, hopefully it will be back up soon :-(.
</p>
-<h1 id="AdvancedTasks">Advanced Tasks</h1>
+<h2 id="AdvancedTasks">Advanced Tasks</h2>
<h2 id="PuttingSoftwareinaLocker">Putting Software in a Locker</h2>
<p>
The Athena environment was designed to allow software to run on several architectures on the same network. On modern Athena, this means 32-bit x86s running Linux, 64-bit x86s running Linux, and SPARCs running Solaris. To accommodate these these various architectures AFS (at least on Athena) has a notion of what systems are compatible with the operating system. You can find these by running <tt>fs sysname</tt>.
</p>
-<h1 id="SeeAlso">See Also</h1>
+<h2 id="SeeAlso">See Also</h2>
<p>SIPB's older guide, <a href="http://stuff.mit.edu/afs/sipb.mit.edu/project/doc/afs/html/afs-new.html">Inessential AFS</a> <br /> OpenAFS documentation at <a href="http://www.openafs.org/">http://www.openafs.org/</a>
</p>