Using AFS in SCSThe Andrew File System (AFS) named after the Andrews Carnegie and Mellon is a distributed client/server system that provides most SCS file-sharing services. SCS user accounts each have 1 GB of AFS space, and "Facilitized" Unix/Linux and Windows hosts include AFS clients.
The AFS system provides:
- Transparent access to files AFS files may reside on different servers but are accessed in the same way as files on your local disk, regardless of their actual physical location
- A uniform namespace A given AFS file has exactly the same pathname on any Unix host
- Secure, fine-grained access control File owners can specify precisely which users have access to AFS files and what rights they have
Some AFS concepts & terminology
- AFS, at the top level, is organized into cells, which correspond to separate administrative groups. SCS Computing Facilities administers the cs.cmu.edu cell, and there are other AFS cells on campus.
- Volumes & quotas
- Related directories in AFS are organized into units called volumes, each with its own quota that determines how much disk space it can use. For example, a user's personal home directory, typically /afs/cs.cmu.edu/user/<user_ID>, will live in its own AFS volume.
- File protections and ACLs
- AFS does not use standard Unix permissions to protect files but, instead, attaches an access control list (ACL) to each AFS directory (not each file) and controls most access according to the ACL constraints.
- Within SCS, AFS access is based on secure, limited-lifetime, tokens that you obtain when you login using your SCS Kerberos password or when you run kinit
- Backups & restores
- SCS Facilities backs up most AFS volumes automatically. See the AFS backups page for details.
See the AFS quick command reference for a brief summary of some AFS commands and the meaning of AFS permissions and special groups, and explore links in the "AFS concepts" section, above, for more detailed how-to information.
- Change your AFS password
- List your AFS tokens
- Authenticate to AFS on Unix hosts
- Perform cross-realm authentication
- Authenticate daemons to AFS
ACL & pts group tasks
- Display and set AFS ACLs
- Set the ACLs on a directory and all of its subdirectories
- Make a directory on AFS private
- Make a write-only "dropbox" directory in AFS
- Create and manage AFS pts groups
Requesting special-purpose AFS space
Additional resourcesThe following offsite link will open in a new browser window:
- The home of the OpenAFS project, including AFS downloads and detailed documentation on all aspects of AFS