1 / 18

Techy Information

Techy Information. Anandha Gopalan September 13, 2006. Outline. AFS overview Departmental software Departmental machines The ticket system Help !!!. AFS overview. What is AFS ? Andrew File System 1984 - Developed at CMU as part of Project Andrew

pilar
Télécharger la présentation

Techy Information

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Techy Information Anandha Gopalan September 13, 2006

  2. Outline • AFS overview • Departmental software • Departmental machines • The ticket system • Help !!!

  3. AFS overview • What is AFS ? • Andrew File System • 1984 - Developed at CMU as part of Project Andrew • 1989 - Transarc Corporation founded to commercialize AFS • 1998 - Transarc acquired by IBM • 2000 - IBM releases OpenAFS under the IBM Public License (IPL)

  4. Why AFS ? • Security: authentication via Kerberos 4 • Fine grained control over file permissions • Can give individual users access to files and directories • Accessible via both UNIX and Windows  • More information about clients: • http://www.openafs.org/

  5. AFS permissions • Access Control Lists (ACLs) grant permissions on a per user and group basis. Each directory has an ACL that controls the directory and the files in it • There are seven permissions that may be granted, to either groups of users or individuals • System-defined groups exist, but you can define your own groups • ACLs always are applied to directories rather than to individual files • Files are governed by the ACL on their directory • If you change the ACL on a directory, access to all of its files changes • Subdirectories inherit the ACLs of their parent directory

  6. AFS permissions • AFS ACLs work in conjunction with the standard Unix "owner" permissions. Only the owner permissions have an effect on AFS file access • Unix permissions for "group" and "other" do not affect AFS file access. • A user with appropriate AFS permissions can: • read a file only if the UNIX "owner read" mode is set. • write to a file only if the UNIX owner "read" and "write" modes are set. • execute a file only if the UNIX owner "read" and "execute" modes are set.

  7. AFS permissions • Lookup: l, allows a user to list the contents of the AFS directory, examine the ACL associated with the directory and access subdirectories. • Insert: i, allows a user to add new files or subdirectories to the directory. • Delete: d, allows a user to remove files and subdirectories from the directory. • Administer: a, allows a user to change the ACL for the directory. Users always have this right on their home directory, even if they accidentally remove themselves from the ACL. • Read: r, allows a user to look at the contents of files in a directory and list files in subdirectories. • Write: w, allows a user to modify files in a directory. • Lock: k, allows the processor to run programs that need to "flock" files in the directory.

  8. AFS permissions • System-groups in AFS • system:anyuser • Any user in the world who can gain access to your cell. This is a very broad group, and caution should always be used when granting any access to this group • system:authuser • Everyone who is currently authenticated in your cell • system:administrators • A few users in the cell who have been designated as AFS system administrators

  9. AFS pitfalls • I have –rw------- on my file, but it can still be read by others • Check the directory permissions • AFS works at the directory level, UNIX permissions are ignored • For a file to be executable, it still needs to have the correct UNIX permissions !!!

  10. AFS pitfalls • How do I check if I have safe permissions ? • /usr/local/bin/checkafsperms directory • This checks the permission on a directory • /usr/local/bin/checkafshierdirectory • This checks the permission on a directory hierarchy • These commands only work on Linux • These commands report if any directory has permissions: i,d,w,k,a

  11. AFS pitfalls • 2 GB file size limitation • Though you don’t really need this  • Tokens expire after 24 hours • A klog will get you new tokens • tokens will show available tokens • Use reauth to run programs > 24 hours • Cannot set recursive permissions    Workaround available   To give all permissions to user nemo recursively $ find . -type d -exec fs sa {} nemo all \;

  12. AFS directory setup • public • Directory that can be read and listed by all • Contains a directory html under which users can create their web pages etc... • private • Accessible only by the user • Backup • Link in the home directory which contains the backup that is a day old • For older backups, ask tech

  13. Special AFS user agents • mailserver • Any process using the mail server has this username • Can be used for spam filtering using spamassasin • webserver • Any process using the http protocol • Can be used for providing correct access to user web pages, cgi programs etc…

  14. Department software • Information about new software installed on Linux/Solaris can be found at: http://www.cs.pitt.edu/~tech/software • /usr/local/contrib contains software that is used by a small number of people, its either something new or experimental • You can contribute by installing s/w in this directory (ask tech about it) • /usr/local contains software that is needed and used by the majority of people in the department

  15. Departmental machines • The Linux machines • Can be accessed as: linux.cs.pitt.edu or elements.cs.pitt.edu • Some machines are: arsenic, antimony, oxygen, hydrogen, nitrogen, selenium • Solaris 9 machines • Can be accessed as: blitz.cs.pitt.edu and javalab.cs.pitt.edu, (need to use your pitt account for javalab.cs.pitt.edu)

  16. The ticket system • Any email sent to tech@cs.pitt.edu is logged into the ticket system • Issues a ticket number that is used to keep track of this ticket • Rather than sending an email, visit: http://ticket.cs.pitt.edu and login with your AFS username and password • Helps in keeping track of your tickets • Be clear when you ask for something • If necessary, mention your machine name, OS, room number  Trust me, it helps 

  17. HELP !!! • In case you are wondering: • How on this blue-green planet do I do this ????? • Some answers are provided at: http://www.cs.pitt.edu/~tech • Has a link to an FAQ with a lot of answers • Has a link to the tech newsletter • Has a link to the upgrades and software installation by the software TA

  18. ? ? ? ? ?

More Related