X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/3093368d834ec65a0062bfdd62c19e90892ae913..537314853f3a4cfc77e68bc74eddcd6921bb5a7e:/doc/afs-and-you.html diff --git a/doc/afs-and-you.html b/doc/afs-and-you.html index 59e05a6..2c41b22 100644 --- a/doc/afs-and-you.html +++ b/doc/afs-and-you.html @@ -1,4 +1,4 @@ - +[[!meta title="AFS and You"]]
    @@ -39,7 +39,7 @@ Mostly written by Donald Guy,
    drawn from a variety of sources.
    Credit goes to them, blame goes to him.

    -

    What is AFS?

    +

    What is AFS?

    The Andrew File System or AFS is a distributed network file system invented at Carnegie Mellon University as part of Project Andrew (approximately their equivalent of MIT's Project Athena). More importantly, it is the file system used to store most files on Athena today. This includes your personal home directory, the data and websites of many living groups and student groups on campus, and probably some of the software you run (if you ever use Athena clusters). (Though all user directories were migrated from NFS in the summer of 1992, some files probably still remain on NFS and, of course, various file systems are used on personal computers and servers.) @@ -50,7 +50,7 @@ The Andrew File System or AFS is a distributed

    For the most part, using AFS, particularly at MIT, is well-hidden and can be used like any other UNIX file system. For some things, you will need to know a bit more. Let's start by defining some terms.

    -

    Some MIT/AFS terminology

    +

    Some MIT/AFS terminology

    locker
    For practical purposes, a folder. Probably the what you'll care about most of the time. Technically any directory mountable under /mit, regardless of how its stored. Today, most lockers lockers are stored in AFS.
    @@ -59,9 +59,9 @@ Essentially proof to the AFS servers that you are who you say you are, thus allo
    cell
    -AFS concept of an "administrative domain of authority." Each cell has its own set of users, groups, and administrators. Analogous to a Kerberos realm. Each top-level directory in /afs corresponds to a cell. The cells you are most likely to care about are {{athena.mit.edu}} and {{sipb.mit.edu}}. +AFS concept of an "administrative domain of authority." Each cell has its own set of users, groups, and administrators. Analogous to a Kerberos realm. Each top-level directory in /afs corresponds to a cell. The cells you are most likely to care about are athena.mit.edu and sipb.mit.edu.
    -

    The Basics

    +

    The Basics

    The Layout of a Typical MIT Locker

    Every Athena user has a locker (their home directory), which mounts at /mit/<username>. From a technical standpoint, it is stored in the volume user.<username> which is located at /afs/athena.mit.edu/user/<first letter>/<second letter>/<user name>. For example, the user joeuser has a home directory that mounts at /mit/joeuser, is volume user.joeuser, and is accessible at /afs/user/j/o/joeuser. Lockers for projects, software, classes, living groups, and student groups are all mounted at /mit/<lockername> and stored at various places in AFS. @@ -112,7 +112,7 @@ activity.chess-club 1500000 13163 1% 90% If this information is good enough for you, then you are done. If not, read on.

    -

    Common Tasks

    +

    Common Tasks

    Controlling Who can Access Files

    You may be familiar with Unix permissions. Sad to say, but that knowledge is basically useless here. Whereas Unix permissions, are per-file, AFS permissions are controlled by Access Control Lists (ACLs) on a per-directory basis. @@ -206,7 +206,7 @@ Unfortunately, just because you add specific users to an AFS ACL does not mean t </limit>

    -There after the users should be able to get to the folders at http'''s'''://web.mit.edu/<locker>/<path to folder> if they have certificates and no one should be able to reach it via http. Make sure to add yourself if you are going to be accessing it. +There after the users should be able to get to the folders at https://web.mit.edu/<locker>/<path to folder> if they have certificates and no one should be able to reach it via http. Make sure to add yourself if you are going to be accessing it.

    see also: http://web.mit.edu/is/web/reference/web-resources/https.html

    -

    Troubleshooting

    +

    Troubleshooting

    I'm trying to access my files, fs la says I should have permissions here, but it still says : Permission denied

    There are two likely possibilities. First, its likely that your tokens may have expired. To get new tokens, make sure you have valid kerberos tickets and then run aklog. Another possibility is that you have tokens but not for the correct cell. tokens will tell you what tokens you already have. In all likelihood, if you are reading this, you probably want aklog athena sipb. Finally, a third possibility is that your group membership has changed since you acquired tokens. Try running aklog -force @@ -252,7 +252,7 @@ Yeah, most AFS servers restart weekly at 6 AM on Sunday.

    There may be a non-scheduled AFS outage. Check 3down, hopefully it will be back up soon :-(.

    -

    Advanced Tasks

    +

    Advanced Tasks

    Putting Software in a Locker

    The Athena environment was designed to allow software to run on several architectures on the same network. On modern Athena, this means 32-bit x86s running Linux, 64-bit x86s running Linux, and SPARCs running Solaris. To accommodate these these various architectures AFS (at least on Athena) has a notion of what systems are compatible with the operating system. You can find these by running fs sysname. @@ -300,7 +300,7 @@ While it is easily possible to make an AFS group for yourself, it is harder to g

    -

    See Also

    +

    See Also

    SIPB's older guide, Inessential AFS
    OpenAFS documentation at http://www.openafs.org/