[an error occurred while processing this directive] Advanced AFS

Advanced AFS

AFS Intro | F.A.Q. | Basic AFS | Advanced AFS | Kerberos | Features | Other Info

Table of Contents

  1. Advance Commands Summary
    1. fs --- File Commands
    2. pts --- Group Commands
    3. vos --- Server Commands
    4. kas --- Sysadmin Commands
  2. More Permissions
  3. Groups
    1. Maintaining Groups using the pts command
    2. pts Help, Shortcuts, And Tidbits
  4. File System Layout
    1. Paths in AFS
    2. /usr/pubsw
    3. Program Paths

1. Advance Commands Summary

These are some more advanced commands and their options, followed by some examples on how to use them.

  1. fs --- File Commands
    apropos search by help text
    checkservers check local cell's servers
    checkvolumes check volumeID/name mappings
    cleanacl clean up access control list
    copyacl copy access control list
    debug set debugging info
    diskfree show server disk space usage
    examine display volume status
    exportafs enable/disable translators to AFS
    flush flush file from cache
    flushvolume flush all data in volume
    getcacheparms get cache usage info
    getcellstatus get cell status
    getserverprefsget file server ranks
    help get help on commands
    listacl list access control list
    listcells list configured cells
    listquota list volume quota
    lsmount list mount point
    messages control Cache Manager messages
    mkmount make mount point
    monitor set cache monitor host address
    newcell configure new cell
    quota show volume quota usage
    rmmount remove mount point
    setacl set access control list
    setcachesize set cache size
    setcell set cell status
    setquota set volume quota
    setserverprefs set file server ranks
    setvol set volume status
    sysname get/set sysname (i.e. @sys) value
    whereis list file's location
    whichcell list file's cell
    wscell list workstation's cell

    Some fairly useful commands:

  2. pts --- Group Commands
    adduser add a user to a group
    apropos search by help text
    chown change ownership of a group
    creategroupcreate a new group
    createuser create a new user
    delete delete a user or group from database
    examine examine an entry
    help get help on commands
    listmax list max id
    listowned list groups owned by an entry or zero id gets orphaned groups
    membership list membership of a user or group
    removeuser remove a user from a group
    rename rename user or group
    setfields set fields for an entry
    setmax set max id
  3. vos --- Server Commands
    addsite add a replication site
    apropos search by help text
    backup make backup of a volume
    backupsys en masse backups
    changeaddr change the IP address of a file server
    create create a new volume
    delentry delete VLDB entry for a volume
    dump dump a volume
    examine everything about the volume
    help get help on commands
    listpart list partitions
    listvldb list volumes in the VLDB
    listvol list volumes on server (bypass VLDB)
    lock lock VLDB entry for a volume
    move move a volume
    partinfo list partition information
    release release a volume
    remove delete a volume
    remsite remove a replication site
    rename rename a volume
    restore restore a volume
    status report on volser status
    syncserv synchronize server with VLDB
    syncvldb synchronize VLDB with server
    unlock release lock on VLDB entry for a volume
    unlockvldb unlock all the locked entries in the VLDB
    zap delete the volume, don't bother with VLDB

    Some fairly useful commands:

  4. kas --- System Administration Commands
    apropos search by help text
    create create an entry for a user
    debuginfo show debugging info from AuthServer
    delete delete a user
    examine examine the entry for a user
    forgetticket delete ticket for a specific server
    getpassword get a user's password
    getrandomkey get a random key
    getticket get a ticket for a specific server
    help get help on commands
    interactive enter interactive mode
    list list all users in database
    listtickets show all cache manager tickets
    noauthenticationconnect to AuthServer w/o using token
    quit exit program
    setfields set various fields in a user's entry
    setkey set a user's key
    setpassword set a user's password
    statistics show statistics for AuthServer
    stringtokey convert a string to a key
    unlock Enable authentication ID after max failed attempts exceeded

2. More Permissions

The files contained within your AFS home directory use both AFS and Unix file permissions. The only Unix (NFS) permissions which are still applicable under AFS, however, are the permissions for the user. Unix permissions on directories are not used.

value -- permission code
400 -- r (Read)
Allows user with AFS read access (rl) to the directory to read or copy the file.
200 -- w (Write)
Allows user with AFS write access (wl) to modify or overwrite a file. Does NOT determine whether a user can delete the file, however. AFS delete (d) permission on the directory does that.
100 -- x (Execute)
Allows user with AFS read access (rl) to execute the file

For example, to give read and execute permission to a file named [filename], type either of the following:
chmod 500 [filename]
chmod u+rx [filename]

The first command uses the numeric code (read + execute = 400 + 100 = 500); the second command uses the letter code (user plus read execute).

For more info on Unix permissions, read the man page for chmod (type "man chmod") and ls. The command "ls -l" will display the Unix permissions for the files. The command "fs la" will display the AFS permissions for the files. They are not the same thing.

3. Groups

  1. Maintaining Groups -- Using The pts Command

    One neat thing about AFS is that you can create your own groups and grant permissions for individual AFS usernames. To be in a group or individually listed in an ACL, a person needs to have a kerberos password.

    The command pts and its suite of subcommands allows you to create your own groups. Suppose your accountname was "accountname". Here is a list of common pts commands:

    Creates a private group named accountname:groupname
    pts creategroup accountname:groupname

    Adds a user to the group accountname:groupname (you must own the group)
    pts adduser [username] accountname:groupname

    Remove user from the group accountname:groupname
    pts removeuser [username] accountname:groupname

    Delete the group accountname:groupname from existence
    pts delete accountname:groupname

    For a given directory, you can add a group to the acl. For example:
    fs sa project accountname:project read

  2. pts Help, Shortcuts, And Tidbits

    As expected, the pts commands have help options and abbreviations. See the man page for pts. You can also type:
    pts help lists pts commands
    pts [subcommand] -help lists syntax for pts subcommand

    Other useful pts commands are:
    pts membership [groupname] lists members of the group [groupname]
    pts listowned [username] lists groups owned by the user [username]

4. File System Layout

  1. Paths in AFS

  2. /usr/pubsw
    $ cardinal1:~ > ls /usr/pubsw
    X@apps/ etc/include/ man@share@
    X11R5/bin/ examples@info@ package/src@
    X11R6/doc@ help/lib/ sbin/
    $ ls /usr/pubsw/package
    00READMEFile/ Licensed/NOTES/ Shells/Web/
    Development/Fonts/ Local/Network/ Site/X/
    Dicts/Games/ Mail/News/ Sound/local@
    Doc/Graphics/ Math/OLD/ System/nosupport@
    Editors/Leland/ Misc/Security/ Text/unfiled/

  3. Interesting Program Paths

Back To AFS Main Page
DCC Home |  Customer
Assistance Home |  ITSS Home |  Stanford Home
Contact HelpSU.Stanford.EDU if you have questions about the Leland system.