Index: openafs/doc/man-pages/Makefile.in diff -c openafs/doc/man-pages/Makefile.in:1.6 openafs/doc/man-pages/Makefile.in:1.6.4.1 *** openafs/doc/man-pages/Makefile.in:1.6 Wed Jan 25 00:59:38 2006 --- openafs/doc/man-pages/Makefile.in Mon May 18 19:38:15 2009 *************** *** 11,16 **** --- 11,18 ---- html: perl generate-html + LINKEDPAGES = klog pagsh tokens + dest: chmod +x install-man mkdir -p $(DEST)/man/man1 $(DEST)/man/man5 $(DEST)/man/man8 *************** *** 23,28 **** --- 25,35 ---- set -e; cd man8 && for M in *.8 ; do \ ../install-man $$M $(DEST)/man/man8/$$M ; \ done + set -e; for M in ${LINKEDPAGES}; do \ + NEWPAGE=$(DEST)/man/man1/$$M.krb.1 ; \ + test -h ${NEWPAGE} || ln -s $$M.1 ${NEWPAGE} ; \ + done + install: $(MAN1) $(MAN8) chmod +x install-man *************** *** 37,39 **** --- 44,50 ---- set -e; cd man8 && for M in *.8 ; do \ ../install-man $$M $(DESTDIR)$(mandir)/man8/$$M ; \ done + set -e; for M in ${LINKEDPAGES}; do \ + NEWPAGE=$(DESTDIR)$(mandir)/man1/$$M.krb.1 ; \ + test -h ${NEWPAGE} || ln -s $$M.1 ${NEWPAGE} ; \ + done Index: openafs/doc/man-pages/NTMakefile diff -c openafs/doc/man-pages/NTMakefile:1.1.2.3 openafs/doc/man-pages/NTMakefile:1.1.2.5 *** openafs/doc/man-pages/NTMakefile:1.1.2.3 Sun Jun 29 00:54:27 2008 --- openafs/doc/man-pages/NTMakefile Mon May 25 19:54:06 2009 *************** *** 27,36 **** !INCLUDE ..\..\src\config\NTMakefile.$(SYS_NAME) ! install: @echo Building man pages in HTML format perl generate-html clean:: $(CD) html $(DEL) /s *.html --- 27,352 ---- !INCLUDE ..\..\src\config\NTMakefile.$(SYS_NAME) ! PODS = \ ! pod1\afs.pod \ ! pod1\afsmonitor.pod \ ! pod1\aklog.pod \ ! pod1\cmdebug.pod \ ! pod1\compile_et.pod \ ! pod1\copyauth.pod \ ! pod1\dlog.pod \ ! pod1\dpass.pod \ ! pod1\fs.pod \ ! pod1\fs_apropos.pod \ ! pod1\fs_checkservers.pod \ ! pod1\fs_checkvolumes.pod \ ! pod1\fs_cleanacl.pod \ ! pod1\fs_copyacl.pod \ ! pod1\fs_cscpolicy.pod \ ! pod1\fs_diskfree.pod \ ! pod1\fs_examine.pod \ ! pod1\fs_exportafs.pod \ ! pod1\fs_flush.pod \ ! pod1\fs_flushall.pod \ ! pod1\fs_flushmount.pod \ ! pod1\fs_flushvolume.pod \ ! pod1\fs_getcacheparms.pod \ ! pod1\fs_getcalleraccess.pod \ ! pod1\fs_getcellstatus.pod \ ! pod1\fs_getclientaddrs.pod \ ! pod1\fs_getcrypt.pod \ ! pod1\fs_getfid.pod \ ! pod1\fs_getserverprefs.pod \ ! pod1\fs_help.pod \ ! pod1\fs_listacl.pod \ ! pod1\fs_listaliases.pod \ ! pod1\fs_listcells.pod \ ! pod1\fs_listquota.pod \ ! pod1\fs_lsmount.pod \ ! pod1\fs_memdump.pod \ ! pod1\fs_messages.pod \ ! pod1\fs_minidump.pod \ ! pod1\fs_mkmount.pod \ ! pod1\fs_monitor.pod \ ! pod1\fs_newalias.pod \ ! pod1\fs_newcell.pod \ ! pod1\fs_quota.pod \ ! pod1\fs_rmmount.pod \ ! pod1\fs_rxstatpeer.pod \ ! pod1\fs_rxstatproc.pod \ ! pod1\fs_setacl.pod \ ! pod1\fs_setcachesize.pod \ ! pod1\fs_setcbaddr.pod \ ! pod1\fs_setcell.pod \ ! pod1\fs_setclientaddrs.pod \ ! pod1\fs_setcrypt.pod \ ! pod1\fs_setquota.pod \ ! pod1\fs_setserverprefs.pod \ ! pod1\fs_setvol.pod \ ! pod1\fs_storebehind.pod \ ! pod1\fs_sysname.pod \ ! pod1\fs_trace.pod \ ! pod1\fs_uuid.pod \ ! pod1\fs_whereis.pod \ ! pod1\fs_whichcell.pod \ ! pod1\fs_wscell.pod \ ! pod1\klog.krb5.pod \ ! pod1\klog.pod \ ! pod1\knfs.pod \ ! pod1\kpasswd.pod \ ! pod1\livesys.pod \ ! pod1\package_test.pod \ ! pod1\pagsh.pod \ ! pod1\pts.pod \ ! pod1\pts_adduser.pod \ ! pod1\pts_apropos.pod \ ! pod1\pts_chown.pod \ ! pod1\pts_creategroup.pod \ ! pod1\pts_createuser.pod \ ! pod1\pts_delete.pod \ ! pod1\pts_examine.pod \ ! pod1\pts_help.pod \ ! pod1\pts_interactive.pod \ ! pod1\pts_listentries.pod \ ! pod1\pts_listmax.pod \ ! pod1\pts_listowned.pod \ ! pod1\pts_membership.pod \ ! pod1\pts_quit.pod \ ! pod1\pts_removeuser.pod \ ! pod1\pts_rename.pod \ ! pod1\pts_setfields.pod \ ! pod1\pts_setmax.pod \ ! pod1\pts_sleep.pod \ ! pod1\pts_source.pod \ ! pod1\rxdebug.pod \ ! pod1\rxgen.pod \ ! pod1\scout.pod \ ! pod1\symlink.pod \ ! pod1\symlink_list.pod \ ! pod1\symlink_make.pod \ ! pod1\symlink_remove.pod \ ! pod1\sys.pod \ ! pod1\tokens.pod \ ! pod1\translate_et.pod \ ! pod1\udebug.pod \ ! pod1\unlog.pod \ ! pod1\up.pod \ ! pod1\vos.pod \ ! pod1\vos_addsite.pod \ ! pod1\vos_apropos.pod \ ! pod1\vos_backup.pod \ ! pod1\vos_backupsys.pod \ ! pod1\vos_changeaddr.pod \ ! pod1\vos_changeloc.pod \ ! pod1\vos_clone.pod \ ! pod1\vos_convertROtoRW.pod \ ! pod1\vos_copy.pod \ ! pod1\vos_create.pod \ ! pod1\vos_delentry.pod \ ! pod1\vos_dump.pod \ ! pod1\vos_examine.pod \ ! pod1\vos_help.pod \ ! pod1\vos_listaddrs.pod \ ! pod1\vos_listpart.pod \ ! pod1\vos_listvldb.pod \ ! pod1\vos_listvol.pod \ ! pod1\vos_lock.pod \ ! pod1\vos_move.pod \ ! pod1\vos_offline.pod \ ! pod1\vos_online.pod \ ! pod1\vos_partinfo.pod \ ! pod1\vos_release.pod \ ! pod1\vos_remove.pod \ ! pod1\vos_remsite.pod \ ! pod1\vos_rename.pod \ ! pod1\vos_restore.pod \ ! pod1\vos_setfields.pod \ ! pod1\vos_shadow.pod \ ! pod1\vos_size.pod \ ! pod1\vos_status.pod \ ! pod1\vos_syncserv.pod \ ! pod1\vos_syncvldb.pod \ ! pod1\vos_unlock.pod \ ! pod1\vos_unlockvldb.pod \ ! pod1\vos_zap.pod \ ! pod1\xstat_cm_test.pod \ ! pod1\xstat_fs_test.pod \ ! pod5\afs.pod \ ! pod5\afsmonitor.pod \ ! pod5\afszcm.cat.pod \ ! pod5\afs_cache.pod \ ! pod5\afs_volume_header.pod \ ! pod5\AuthLog.dir.pod \ ! pod5\AuthLog.pod \ ! pod5\BackupLog.pod \ ! pod5\bdb.DB0.pod \ ! pod5\BosConfig.pod \ ! pod5\BosLog.pod \ ! pod5\butc.pod \ ! pod5\butc_logs.pod \ ! pod5\cacheinfo.pod \ ! pod5\CellAlias.pod \ ! pod5\CellServDB.pod \ ! pod5\FileLog.pod \ ! pod5\fms.log.pod \ ! pod5\FORCESALVAGE.pod \ ! pod5\kaserver.DB0.pod \ ! pod5\kaserverauxdb.pod \ ! pod5\KeyFile.pod \ ! pod5\krb.conf.pod \ ! pod5\NetInfo.pod \ ! pod5\NetRestrict.pod \ ! pod5\NoAuth.pod \ ! pod5\package.pod \ ! pod5\prdb.DB0.pod \ ! pod5\SALVAGE.fs.pod \ ! pod5\salvage.lock.pod \ ! pod5\SalvageLog.pod \ ! pod5\sysid.pod \ ! pod5\tapeconfig.pod \ ! pod5\ThisCell.pod \ ! pod5\UserList.pod \ ! pod5\uss.pod \ ! pod5\uss_bulk.pod \ ! pod5\vldb.DB0.pod \ ! pod5\VLLog.pod \ ! pod5\VolserLog.pod \ ! pod8\afsd.pod \ ! pod8\asetkey.pod \ ! pod8\backup.pod \ ! pod8\backup_adddump.pod \ ! pod8\backup_addhost.pod \ ! pod8\backup_addvolentry.pod \ ! pod8\backup_addvolset.pod \ ! pod8\backup_apropos.pod \ ! pod8\backup_dbverify.pod \ ! pod8\backup_deldump.pod \ ! pod8\backup_deletedump.pod \ ! pod8\backup_delhost.pod \ ! pod8\backup_delvolentry.pod \ ! pod8\backup_delvolset.pod \ ! pod8\backup_diskrestore.pod \ ! pod8\backup_dump.pod \ ! pod8\backup_dumpinfo.pod \ ! pod8\backup_help.pod \ ! pod8\backup_interactive.pod \ ! pod8\backup_jobs.pod \ ! pod8\backup_kill.pod \ ! pod8\backup_labeltape.pod \ ! pod8\backup_listdumps.pod \ ! pod8\backup_listhosts.pod \ ! pod8\backup_listvolsets.pod \ ! pod8\backup_quit.pod \ ! pod8\backup_readlabel.pod \ ! pod8\backup_restoredb.pod \ ! pod8\backup_savedb.pod \ ! pod8\backup_scantape.pod \ ! pod8\backup_setexp.pod \ ! pod8\backup_status.pod \ ! pod8\backup_volinfo.pod \ ! pod8\backup_volrestore.pod \ ! pod8\backup_volsetrestore.pod \ ! pod8\bos.pod \ ! pod8\bosserver.pod \ ! pod8\bos_addhost.pod \ ! pod8\bos_addkey.pod \ ! pod8\bos_adduser.pod \ ! pod8\bos_apropos.pod \ ! pod8\bos_create.pod \ ! pod8\bos_delete.pod \ ! pod8\bos_exec.pod \ ! pod8\bos_getdate.pod \ ! pod8\bos_getlog.pod \ ! pod8\bos_getrestart.pod \ ! pod8\bos_help.pod \ ! pod8\bos_install.pod \ ! pod8\bos_listhosts.pod \ ! pod8\bos_listkeys.pod \ ! pod8\bos_listusers.pod \ ! pod8\bos_prune.pod \ ! pod8\bos_removehost.pod \ ! pod8\bos_removekey.pod \ ! pod8\bos_removeuser.pod \ ! pod8\bos_restart.pod \ ! pod8\bos_salvage.pod \ ! pod8\bos_setauth.pod \ ! pod8\bos_setcellname.pod \ ! pod8\bos_setrestart.pod \ ! pod8\bos_shutdown.pod \ ! pod8\bos_start.pod \ ! pod8\bos_startup.pod \ ! pod8\bos_status.pod \ ! pod8\bos_stop.pod \ ! pod8\bos_uninstall.pod \ ! pod8\bos_util.pod \ ! pod8\buserver.pod \ ! pod8\butc.pod \ ! pod8\fileserver.pod \ ! pod8\fms.pod \ ! pod8\fstrace.pod \ ! pod8\fstrace_apropos.pod \ ! pod8\fstrace_clear.pod \ ! pod8\fstrace_dump.pod \ ! pod8\fstrace_help.pod \ ! pod8\fstrace_lslog.pod \ ! pod8\fstrace_lsset.pod \ ! pod8\fstrace_setlog.pod \ ! pod8\fstrace_setset.pod \ ! pod8\ka-forwarder.pod \ ! pod8\kadb_check.pod \ ! pod8\kas.pod \ ! pod8\kaserver.pod \ ! pod8\kas_apropos.pod \ ! pod8\kas_create.pod \ ! pod8\kas_delete.pod \ ! pod8\kas_examine.pod \ ! pod8\kas_forgetticket.pod \ ! pod8\kas_help.pod \ ! pod8\kas_interactive.pod \ ! pod8\kas_list.pod \ ! pod8\kas_listtickets.pod \ ! pod8\kas_noauthentication.pod \ ! pod8\kas_quit.pod \ ! pod8\kas_setfields.pod \ ! pod8\kas_setpassword.pod \ ! pod8\kas_statistics.pod \ ! pod8\kas_stringtokey.pod \ ! pod8\kas_unlock.pod \ ! pod8\kdb.pod \ ! pod8\kpwvalid.pod \ ! pod8\package.pod \ ! pod8\prdb_check.pod \ ! pod8\ptserver.pod \ ! pod8\pt_util.pod \ ! pod8\read_tape.pod \ ! pod8\restorevol.pod \ ! pod8\rmtsysd.pod \ ! pod8\salvager.pod \ ! pod8\salvageserver.pod \ ! pod8\upclient.pod \ ! pod8\upserver.pod \ ! pod8\uss.pod \ ! pod8\uss_add.pod \ ! pod8\uss_apropos.pod \ ! pod8\uss_bulk.pod \ ! pod8\uss_delete.pod \ ! pod8\uss_help.pod \ ! pod8\vldb_check.pod \ ! pod8\vldb_convert.pod \ ! pod8\vlserver.pod \ ! pod8\voldump.pod \ ! pod8\volinfo.pod \ ! pod8\volserver.pod \ ! pod8\vsys.pod \ ! pod8\xfs_size_check.pod ! ! html\index.html: $(PODS) @echo Building man pages in HTML format perl generate-html + + install: html\index.html + clean:: $(CD) html $(DEL) /s *.html Index: openafs/doc/man-pages/README diff -c openafs/doc/man-pages/README:1.8.2.24 openafs/doc/man-pages/README:1.8.2.35 *** openafs/doc/man-pages/README:1.8.2.24 Mon Mar 16 22:30:01 2009 --- openafs/doc/man-pages/README Mon May 18 19:38:15 2009 *************** *** 229,261 **** don't just report the deficiency again, but any contributions towards fixing it are greatly appreciated. - * The following installed commands have no man pages: - - compile_et.afs - copyauth - fs cscpolicy - fs getfid - fs memdump - fs monitor - fs rxstatpeer - fs rxstatproc - fs setcbaddr - fs trace - klog.krb - krb.conf - pagsh.krb - restorevol - rmtsysd - tokens.krb - vsys - * Add -noresolve to the documentation of all the vos commands. - * klog.krb, pagsh.krb, and tokens.krb need to be listed as alternative - names in the NAME line of the non-.krb man pages, links should be - installed on man page installation, and the behavior of pagsh.krb - should be documented in the pagsh man page. - * Some of the documentation in fs getserverprefs needs minor updates to reflect what happens in the dynroot case. --- 229,236 ---- *************** *** 278,285 **** * The salvager actually creates a bunch of SalvageLog files and then combines them, but the SalvageLog man page doesn't reflect this. - * The CellServDB documentation hasn't been updated for -dynroot. - * The aklog man page isn't in POD. (Neither is the mpp man page, but I don't think we care about it and it's not currently installed.) --- 253,258 ---- Index: openafs/doc/man-pages/pod1/compile_et.pod diff -c /dev/null openafs/doc/man-pages/pod1/compile_et.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/compile_et.pod Mon May 18 19:33:02 2009 *************** *** 0 **** --- 1,83 ---- + =head1 NAME + + compile_et - Produce error text tables for compilation + + =head1 SYNOPSIS + + =for html +
+ + B [B<-debug>] S<<< [B<-language> >] >>> + S<<< [B<-prefix> >] >>> [B<-v> >] > + + =for html +
+ + =head1 DESCRIPTION + + The B command builds the error text tables for compilation. + This includes both a header file that contains a set of mappings between + error names and values and a F<.c> (or F<.msf>) file that provides a text + table of descriptions. + + The > argument specifies which error table to generate. + The error table specification should exist in the current working + directory or in the directory specified with B<-prefix> and should be + named F. + + =head1 CAUTIONS + + This command is used internally within the build process for OpenAFS. + Most users will access this information via L rather than + via B. + + This command does not use the standard AFS command-line parsing package. + + =head1 OPTIONS + + =over 4 + + =item B<-debug> + + Does nothing. It neither adds debugging information to the output nor + provides additional information on its operation. + + =item B<-language> > + + Specifies the type of output to generate. Currently, only ANSI C and K&R + are supported values (via the B and B values, respectively). + The default is ANSI C. There is some support for C++ started, but that is + not yet supported. + + =item B<-prefix > + + Specifies the directory to search for the F file. + + =item B<-v> > + + Specified the type of output file: valid values are 1 (the default, for C + files) or 2, for B<.msf> file generation. + + =back + + =head1 EXAMPLES + + The following command generates the files F and F, + suitable for use with C programs: + + % compile_et -p path/to/src/ptserver pterror + + The following command generates K&R style files instead: + + % compile_et -p path/to/src/ptserver -lang 'k&r-c' pterror + + =head1 SEE ALSO + + L + + =head1 COPYRIGHT + + Copyright 2009 Steven Jenkins + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Steven Jenkins for OpenAFS. Index: openafs/doc/man-pages/pod1/copyauth.pod diff -c /dev/null openafs/doc/man-pages/pod1/copyauth.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/copyauth.pod Mon May 18 19:33:26 2009 *************** *** 0 **** --- 1,44 ---- + =head1 NAME + + copyauth - Copies user's AFS credentials to a new cell + + =head1 SYNOPSIS + + =for html +
+ + B S<<< > >>> + + =for html +
+ + =head1 DESCRIPTION + + The B command copies existing AFS credentials in the local + cell to the foreign cell specified on the command line. + + The functionality in this command is largely superseded by L. + + =head1 CAUTIONS + + This functionality only works if you have a shared AFS key across multiple + cells, which is strongly discouraged as it weakens security. If you do + not understand those risks, you should not use this tool. + + =head1 EXAMPLES + + % copyauth other.cell.org + + =head1 PRIVILEGE REQUIRED + + None. + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + This documentation was written by Steven Jenkins and is covered + by the IBM Public License Version 1.0. Index: openafs/doc/man-pages/pod1/fs.pod diff -c openafs/doc/man-pages/pod1/fs.pod:1.4.2.4 openafs/doc/man-pages/pod1/fs.pod:1.4.2.7 *** openafs/doc/man-pages/pod1/fs.pod:1.4.2.4 Tue Dec 25 17:26:43 2007 --- openafs/doc/man-pages/pod1/fs.pod Mon May 18 19:33:43 2009 *************** *** 23,28 **** --- 23,29 ---- L|fs_getserverprefs(1)>, L|fs_listcells(1)>, L|fs_newcell(1)>, + L|fs_setcbaddr(1)>, L|fs_setcell(1)>, L|fs_setcrypt(1)>, L|fs_setserverprefs(1)>, *************** *** 45,50 **** --- 46,52 ---- given file or directory: L|fs_diskfree(1)>, L|fs_examine(1)>, + L|fs_getfid(1)>, L|fs_listquota(1)>, L|fs_quota(1)>, L|fs_setquota(1)>, *************** *** 56,61 **** --- 58,64 ---- Commands to administer the local client cache and related information: L|fs_checkvolumes(1)>, + L|fs_cscpolicy(1)>, L|fs_flush(1)>, L|fs_flushall(1)>, L|fs_flushvolume(1)>, *************** *** 75,81 **** Commands to control monitoring and tracing: L|fs_debug(1)>, ! and L|fs_messages(1)>. =item * --- 78,90 ---- Commands to control monitoring and tracing: L|fs_debug(1)>, ! L|fs_memdump(1)>, ! L|fs_messages(1)>, ! L|fs_minidump(1)>, ! L|fs_monitor(1)>, ! L|fs_rxstatpeer(1)>, ! L|fs_rxstatproc(1)>, ! and L|fs_trace(1)>. =item * *************** *** 184,189 **** --- 193,199 ---- L, L, L, + L, L, L, L, *************** *** 196,201 **** --- 206,212 ---- L, L, L, + L, L, L, L, *************** *** 203,216 **** --- 214,233 ---- L, L, L, + L, L, + L, L, + L, L, L, L, L, + L, + L, L, L, + L, L, L, L, *************** *** 219,224 **** --- 236,242 ---- L, L, L, + L, L, L, L Index: openafs/doc/man-pages/pod1/fs_cscpolicy.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_cscpolicy.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/fs_cscpolicy.pod Sun May 17 23:40:27 2009 *************** *** 0 **** --- 1,107 ---- + =head1 NAME + + fs_cscpolicy - Change client side caching policy for AFS shares + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-share> I [B<-manual>|B<-programs>|B<-documents>|B<-disable>] ] >>> + + =for html +
+ + =head1 DESCRIPTION + + The fs cscpolicy command sets the client side caching policy for a + particular AFS share, or displays a list of policies. + + This command can change the policy of only one share at a time. + + Only one of the policy options B<-manual>, B<-programs>, B<-documents>, or + B<-disable>, may be selected. The default policy is B<-manual>. + + After changing the policy for a share, you must close all applications + that accessed files on this share, or restart AFS Client, for the change + to take effect. + + =head1 CAUTIONS + + This command is only available on Windows. + + Use of this functionality is not recommended. Windows Offline Folders do + not work well with AFS since the AFS server is always present. When this + functionality was contributed and incorporated, it was believed to be safe + for the AFS cache manager to return BADNETPATH errors when a single file + server or volume was inaccessible. It is now known that returning such + errors causes the Microsoft SMB redirector to drop the connection to the + AFS server resulting in serious side effects. + + This functionality is specific to use with the Microsoft SMB redirector. + Client Side Caching (Offline Folders) is built into that driver and will + not be present in the native AFS redirector, so this functionality will be + removed at a future date. + + =head1 OPTIONS + + =over 4 + + =item B<-share> I + + The name of the share whose policy is to be changed. (If omitted, no + share policy is changed.) + + =item B<-manual> + + Specifies manual caching of documents. + + =item B<-programs> + + Specifies automatic caching of programs and documents. + + =item B<-documents> + + Specifies automatic caching of documents. + + =item B<-disable> + + Disables caching. + + =back + + =head1 OUTPUT + + When changing the policy of a share, the output is: + + CSC policy on share "share" changed to "policy". + Close all applications that accessed files on this share or restart AFS Client for the change to take effect. + + When displaying policies, the output is: + + policyname = policy + + =head1 EXAMPLES + + The following command disables all caching on the share "AFS1": + + % fs cscpolicy -share AFS1 -disable + + The following command displays all policies currently in effect: + + % fs cscpolicy + + =head1 PRIVILEGE REQUIRED + + The issuer must be have AFS Client Administrator access, either to display + or to set policies. + + In addition, to change policies, the issuer must be a Windows + Administrator, since policy information is stored in a protected area of + the Windows Registry. + + =head1 COPYRIGHT + + This document was written by Mike Robinson, and is released under the IBM + Public License Version 1.0. Jeffrey Altman made several corrections, + clarifications, and additions. Index: openafs/doc/man-pages/pod1/fs_getfid.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_getfid.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/fs_getfid.pod Sun May 17 23:40:27 2009 *************** *** 0 **** --- 1,82 ---- + =head1 NAME + + fs_getfid - Display the fid for a given path in AFS + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-path>] I >>> [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The fs getfid command displays the FID for a given path in AFS. The FID + is the internal identifier used by AFS encoding the volume name and the + file within a volume. + + =head1 CAUTIONS + + This command is not available on Windows prior to version 1.5.60. + + =head1 OPTIONS + + =over 4 + + =item B<-path> I + + The path of the file (or directory). + + =item B<-literal> + + Windows only: for a symlink or mount point, evaluates the specified object + rather than the object it refers to. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + The output contains the name of the file or directory, the FID, and the + volume containing the FID. The Windows version also outputs the object + type instead of using "File" to describe all objects. + + =head1 EXAMPLES + + On Unix: + + % fs getfid . + File . (536870918.1.1) contained in volume 536870918 + + % fs getfid /afs/example.com/foo + File /afs/example.com/foo (536870918.20404.20997) contained in volume 536870918 + + On Windows: + + % fs.exe getfid \\afs\example.edu\user\b\o\bob \ + \\afs\example.org\usr\bob\linktests\broken + Directory \\afs\example.edu\user\b\o\bob (537235559.1.1) contained in cell example.edu + fs: File '\\afs\example.org\usr\bob\linktests\broken' doesn't exist + + % fs.exe getfid \\afs\example.edu\user\b\o\bob \ + \\afs\example.org\usr\bob\linktests\broken -literal + Mountpoint \\afs\example.edu\user\b\o\bob (536873032.1162.16997) contained in cell example.edu + Symlink \\afs\example.org\usr\bob\linktests\broken (536874416.27618.488969) contained in cell example.org + + =head1 PRIVILEGE REQUIRED + + The issuer must be have read access in the directory containing the path + to be resolved. + + =head1 COPYRIGHT + + This document was written by Steven Jenkins, and is released under the IBM + Public License Version 1.0. Jeffrey Altman made several suggestions and + additions. Index: openafs/doc/man-pages/pod1/fs_memdump.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_memdump.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/fs_memdump.pod Sun May 17 23:40:27 2009 *************** *** 0 **** --- 1,71 ---- + =head1 NAME + + fs_memdump - Dump AFS cache state and memory allocations + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-begin>|B<-end>] >>> + + =for html +
+ + =head1 DESCRIPTION + + This command dumps the state of AFS cache manager objects and statistics. + If a checked build of the C run-time library is in use, memory allocations + will also be included. + + =head1 CAUTIONS + + This command is only available on Windows. + + =head1 OPTIONS + + (One of either B<-begin> or B<-end> must be specified.) + + =over 4 + + =item B<-begin> + + Set a memory checkpoint. + + =item B<-end> + + Create a dump-file containing information about memory allocation that has + taken place since the B<-begin> command was issued. + + =back + + =head1 OUTPUT + + If successful, the output of this command (for B<-begin> I B<-end>) + will be: + + AFS memdump created + + If unsuccessful: + + AFS memdump failed + + =head1 EXAMPLES + + The following command starts a memory allocation dump: + + % fs memdump -begin + + The following command ends it: + + % fs memdump -end + + =head1 PRIVILEGE REQUIRED + + The issuer must be have AFS Client Administrator access to issue this + command. + + =head1 COPYRIGHT + + This document was written by Mike Robinson, and is released under the IBM + Public License Version 1.0. Index: openafs/doc/man-pages/pod1/fs_monitor.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_monitor.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/fs_monitor.pod Mon May 18 19:33:44 2009 *************** *** 0 **** --- 1,54 ---- + =head1 NAME + + fs_monitor - Enable client logging to a remote monitoring station + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-server> >] >>> [B<-help>] + + B S<<< [B<-server> >] >>> [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command (aka B) sets the cache monitor host + address (or turns it off). + + =head1 CAUTIONS + + This command is hidden since the necessary remote monitoring component, + B, is not part of OpenAFS. This system is not currently + distributed or supported. + + =head1 OPTIONS + + =over 4 + + =item B<-server> > + + Name (or address) of the B host that monitoring information + should be sent to. Setting the server to I turns off monitoring. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 PRIVILEGE REQUIRED + + The issuer must be super-user on the local machine. + + =head1 COPYRIGHT + + Copyright 2009 Steven Jenkins + + This documentation is covered by the BSD License as written in the + doc/LICENSE file. This man page was written by Steven Jenkins for + OpenAFS. Index: openafs/doc/man-pages/pod1/fs_rxstatpeer.pod diff -c openafs/doc/man-pages/pod1/fs_rxstatpeer.pod:1.1.2.3 openafs/doc/man-pages/pod1/fs_rxstatpeer.pod:1.1.2.4 *** openafs/doc/man-pages/pod1/fs_rxstatpeer.pod:1.1.2.3 Tue Dec 25 17:30:01 2007 --- openafs/doc/man-pages/pod1/fs_rxstatpeer.pod Sun May 17 23:40:54 2009 *************** *** 1,6 **** =head1 NAME ! fs_rxstatpeer - Enables Rx packet logging in the OpenAFS kernel module =head1 SYNOPSIS --- 1,6 ---- =head1 NAME ! fs_rxstatpeer - Manage per-peer Rx statistics collection =head1 SYNOPSIS *************** *** 57,62 **** --- 57,63 ---- =head1 SEE ALSO L, + L, L =head1 COPYRIGHT Index: openafs/doc/man-pages/pod1/fs_rxstatproc.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_rxstatproc.pod:1.1.2.3 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/fs_rxstatproc.pod Mon May 18 19:57:08 2009 *************** *** 0 **** --- 1,65 ---- + =head1 NAME + + fs_rxstatproc - Manage per-process Rx statistics collection + + =head1 SYNOPSIS + + =for html +
+ + B [B<-enable>] [B<-disable>] [B<-clear>] + + =for html +
+ + =head1 DESCRIPTION + + This command enables or disables the updating of RPC statistics counters + related to the entire RX process, or sets the accumulated counter values + back to zero. + + =head1 OPTIONS + + One or more of the following options must be specified: + + =over 4 + + =item B<-enable> + + Enable the collection of process RPC statistics + + =item B<-disable> + + Enable the collection of process RPC statistics + + =item B<-clear> + + Resets all trace counters to zero. + + =back + + =head1 OUTPUT + + This command produces no output other than error-messages. + + =head1 EXAMPLES + + The following command starts collecting statistics: + + % fs rxstatproc -enable + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the local superuser root. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2008. This documentation is covered by the BSD License as + written in the doc/LICENSE file. This man page was written by Mike + Robinson (L) for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_setcbaddr.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_setcbaddr.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/fs_setcbaddr.pod Sun May 17 23:40:54 2009 *************** *** 0 **** --- 1,49 ---- + =head1 NAME + + fs_setcbaddr - Configure IP address used for AFS callbacks + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-host> >] >>> + + =for html +
+ + =head1 DESCRIPTION + + B changes the IP address used by the client for callbacks. + + =head1 OPTIONS + + =over 4 + + =item B<-host> >] + + The new callback address. + + =back + + =head1 OUTPUT + + This command produces no output other than error messages. + + =head1 EXAMPLES + + % fs setcbaddr 10.2.4.23 + + =head1 PRIVILEGE REQUIRED + + The issuer must be the local superuser. + + =head1 SEE ALSO + + L + + =head1 COPYRIGHT + + Copyright 2008. This documentation is covered by the BSD License as + written in the doc/LICENSE file. This man page was written by Mike + Robinson (L) for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_trace.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_trace.pod:1.1.2.3 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod1/fs_trace.pod Mon May 18 19:57:08 2009 *************** *** 0 **** --- 1,86 ---- + =head1 NAME + + fs_trace - Enable or disable AFS Cache Manager tracing + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-on>|B<-off>] >>> [B<-reset>] [B<-dump>] + + =for html +
+ + =head1 DESCRIPTION + + This command enables or disables AFS Cache Manager tracing, resets the + trace log, or dumps the log. When you dump the log, two files are created + in the Windows Temporary directory: F and F. + Any existing files with those names will be replaced. + + =head1 CAUTIONS + + This command is only available on Windows. + + =head1 OPTIONS + + Any combination of the following options may be specified, except that + both B<-on> and B<-off> cannot be specified at the same time. + + =over 4 + + =item B<-on> + + Turn tracing on. + + =item B<-off> + + Turn tracing off. + + =item B<-reset> + + Resets the tracing information, discarding any trace-information collected + up to this time. + + =item B<-dump> + + Creates a dump file containing the trace information. + + =back + + =head1 OUTPUT + + If successful, the output of this command (for any option) will be: + + AFS tracing enabled + + If unsuccessful: + + AFS tracing disabled + + =head1 EXAMPLES + + The following command starts tracing: + + % fs trace -on + + The following dumps the current contents and resets the trace log, then + turns tracing off: + + % fs trace -dump -reset -off + + =head1 PRIVILEGE REQUIRED + + The issuer must be have AFS Client Administrator access to issue this + command. + + =head1 SEE ALSO + + L + + =head1 COPYRIGHT + + Copyright 2008. This documentation is covered by the BSD License as + written in the doc/LICENSE file. This man page was written by Mike + Robinson (L) for OpenAFS. Index: openafs/doc/man-pages/pod1/klog.pod diff -c openafs/doc/man-pages/pod1/klog.pod:1.4.2.1 openafs/doc/man-pages/pod1/klog.pod:1.4.2.2 *** openafs/doc/man-pages/pod1/klog.pod:1.4.2.1 Fri Jul 27 14:00:25 2007 --- openafs/doc/man-pages/pod1/klog.pod Mon May 18 19:38:15 2009 *************** *** 1,6 **** =head1 NAME ! klog - Authenticates with the Authentication Server =head1 SYNOPSIS --- 1,6 ---- =head1 NAME ! klog, klog.krb - Authenticates with the Authentication Server =head1 SYNOPSIS *************** *** 19,24 **** --- 19,31 ---- [B<-pi>] [B<-si>] S<<< [B<-l> >] >>> [B<-se>] [B<-t>] [B<-h>] + B [B<-x>] S<<< [B<-principal> >] >>> + [-password >] S<<< [B<-cell> >] >>> + S<<< [B<-servers> >+] >>> + [B<-pipe>] [B<-silent>] + S<<< [B<-lifetime> >] >>> + [B<-setpag>] [B<-tmp>] [B<-help>] + =for html *************** *** 54,60 **** B instead of B. Sites using Kerberos v4 authentication (perhaps with the AFS ! Authentication Server) must use the Kerberos version of this command, B, on all client machines. It automatically places the issuer's Kerberos tickets in the file named by the KRBTKFILE environment variable, which the B command defines automatically as F> --- 61,67 ---- B instead of B. Sites using Kerberos v4 authentication (perhaps with the AFS ! Authentication Server) should use the Kerberos version of this command, B, on all client machines. It automatically places the issuer's Kerberos tickets in the file named by the KRBTKFILE environment variable, which the B command defines automatically as F> Index: openafs/doc/man-pages/pod1/pagsh.pod diff -c openafs/doc/man-pages/pod1/pagsh.pod:1.4 openafs/doc/man-pages/pod1/pagsh.pod:1.4.2.1 *** openafs/doc/man-pages/pod1/pagsh.pod:1.4 Wed Mar 1 00:02:30 2006 --- openafs/doc/man-pages/pod1/pagsh.pod Mon May 18 19:38:15 2009 *************** *** 1,6 **** =head1 NAME ! pagsh - Creates a new PAG =head1 SYNOPSIS --- 1,6 ---- =head1 NAME ! pagsh, pagsh.krb - Creates a new PAG =head1 SYNOPSIS *************** *** 9,14 **** --- 9,16 ---- B + B + =for html *************** *** 24,32 **** Any tokens acquired subsequently (presumably for other cells) become associated with the PAG, rather than with the user's UNIX UID. This ! method for distinguishing users has two advantages. ! =over 4 =item * --- 26,34 ---- Any tokens acquired subsequently (presumably for other cells) become associated with the PAG, rather than with the user's UNIX UID. This ! method for distinguishing users has two advantages: ! =over 2 =item * *************** *** 49,54 **** --- 51,63 ---- =back + The (mostly obsolete) B command is the same as B except + that it also sets the KRBTKFILE environment variable, which controls the + default Kerberos v4 ticket cache, to F> where I is the + number of the user's PAG. This is only useful for AFS cells still using + Kerberos v4 outside of AFS and has no effect for cells using Kerberos v5 + and B or B. + =head1 CAUTIONS Each PAG created uses two of the memory slots that the kernel uses to *************** *** 98,103 **** --- 107,113 ---- =head1 SEE ALSO + L, L, L, L Index: openafs/doc/man-pages/pod1/pts.pod diff -c openafs/doc/man-pages/pod1/pts.pod:1.2.6.2 openafs/doc/man-pages/pod1/pts.pod:1.2.6.3 *** openafs/doc/man-pages/pod1/pts.pod:1.2.6.2 Mon Feb 4 12:53:44 2008 --- openafs/doc/man-pages/pod1/pts.pod Tue May 12 15:40:34 2009 *************** *** 129,134 **** --- 129,140 ---- and refuses to perform such an action even if the B<-noauth> flag is provided. + =item B<-encrypt> + + Establishes an authenticated, encrypted connection to the Protection Server. + It is useful when it is desired to obscure network traffic related to the + transactions being done. + =item B<-localauth> Constructs a server ticket using the server encryption key with the Index: openafs/doc/man-pages/pod1/tokens.pod diff -c openafs/doc/man-pages/pod1/tokens.pod:1.4 openafs/doc/man-pages/pod1/tokens.pod:1.4.2.1 *** openafs/doc/man-pages/pod1/tokens.pod:1.4 Wed Mar 1 00:02:30 2006 --- openafs/doc/man-pages/pod1/tokens.pod Mon May 18 19:38:15 2009 *************** *** 1,6 **** =head1 NAME ! tokens - Displays the issuer's tokens =head1 SYNOPSIS --- 1,6 ---- =head1 NAME ! tokens, tokens.krb - Displays the issuer's tokens =head1 SYNOPSIS *************** *** 11,26 **** B [B<-h>] =for html =head1 DESCRIPTION ! The tokens command displays all tokens (tickets) cached on the local machine for the issuer. AFS server processes require that their clients present a token as evidence that they have authenticated in the server's local cell. =head1 OPTIONS =over 4 --- 11,33 ---- B [B<-h>] + B [B<-help>] + + B [B<-h>] + =for html =head1 DESCRIPTION ! The B command displays all tokens (tickets) cached on the local machine for the issuer. AFS server processes require that their clients present a token as evidence that they have authenticated in the server's local cell. + The (mostly obsolete) B command is the same as B + except that it also displays the user's Kerberos v4 ticket cache. + =head1 OPTIONS =over 4 *************** *** 37,43 **** The output lists one token for each cell in which the user is authenticated. The output indicates the ! =over 4 =item * --- 44,50 ---- The output lists one token for each cell in which the user is authenticated. The output indicates the ! =over 2 =item * Index: openafs/doc/man-pages/pod1/vos_dump.pod diff -c openafs/doc/man-pages/pod1/vos_dump.pod:1.4.2.1 openafs/doc/man-pages/pod1/vos_dump.pod:1.4.2.3 *** openafs/doc/man-pages/pod1/vos_dump.pod:1.4.2.1 Sun Nov 11 18:51:05 2007 --- openafs/doc/man-pages/pod1/vos_dump.pod Tue May 26 21:24:49 2009 *************** *** 9,20 **** B S<<< B<-id> > >>> S<<< [B<-time> >] >>> S<<< [B<-file> >] >>> S<<< [B<-server> >] >>> ! S<<< [B<-partition> >] >>> S<<< [B<-cell> >] >>> ! [B<-noauth>] [B<-localauth>] [B<-verbose>] [B<-help>] B S<<< B<-i> > >>> S<<< [B<-t> >] >>> S<<< [B<-f> >] >>> S<<< [B<-s> >] >>> S<<< [B<-p> >] >>> ! S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-v>] [B<-h>] =for html --- 9,22 ---- B S<<< B<-id> > >>> S<<< [B<-time> >] >>> S<<< [B<-file> >] >>> S<<< [B<-server> >] >>> ! S<<< [B<-partition> >] >>> [B<-clone>] [B<-omitdirs>] ! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] ! [B<-verbose>] [B<-help>] B S<<< B<-i> > >>> S<<< [B<-t> >] >>> S<<< [B<-f> >] >>> S<<< [B<-s> >] >>> S<<< [B<-p> >] >>> ! [B<-cl>] [B<-o>] S<<< [B<-ce> >] >>> [B<-n>] [B<-l>] ! [B<-v>] [B<-h>] =for html *************** *** 130,135 **** --- 132,154 ---- Specifies the partition on which the volume resides. Provide the B<-server> argument along with this one. + =item B<-clone> + + Normally, B locks the volume and dumps it, which blocks writes + to the volume while the dump is in progress. If this flag is given, B will instead clone the volume first (similar to what B + would do) and then dumps the clone. This can significantly decrease the + amount of time the volume is kept locked for dumps of large volumes. + + =item B<-omitdirs> + + By default, B includes all directory objects in an incremental + dump whether they've been changed or not. If this option is given, + unchanged directories will be omitted. This will reduce the size of the + dump and not cause problems if the incremental is restored, as expected, + on top of a volume containing the correct directory structure (such as one + created by restoring previous full and incremental dumps). + =item B<-cell> Names the cell in which to run the command. Do not combine this argument *************** *** 187,192 **** --- 206,212 ---- =head1 SEE ALSO + L, L, L, L, Index: openafs/doc/man-pages/pod1/vos_restore.pod diff -c openafs/doc/man-pages/pod1/vos_restore.pod:1.4.2.1 openafs/doc/man-pages/pod1/vos_restore.pod:1.4.2.2 *** openafs/doc/man-pages/pod1/vos_restore.pod:1.4.2.1 Sun Nov 11 18:51:05 2007 --- openafs/doc/man-pages/pod1/vos_restore.pod Mon May 18 19:34:07 2009 *************** *** 221,226 **** --- 221,227 ---- =head1 SEE ALSO + L, L, L, L, Index: openafs/doc/man-pages/pod5/CellServDB.pod diff -c openafs/doc/man-pages/pod5/CellServDB.pod:1.1.6.1 openafs/doc/man-pages/pod5/CellServDB.pod:1.1.6.2 *** openafs/doc/man-pages/pod5/CellServDB.pod:1.1.6.1 Sun Jul 13 19:53:51 2008 --- openafs/doc/man-pages/pod5/CellServDB.pod Mon May 18 19:35:55 2009 *************** *** 15,24 **** Along with AFSDB entries in DNS, the client version of the CellServDB file lists the database server machines in the local cell and any foreign cell that is to be accessible from the local client machine. Database server ! machines run the Authentication Server (optional), Backup Server, ! Protection Server, and Volume Location (VL) Server (the B, ! B, B, and B) processes, which maintain the ! cell's administrative AFS databases. The Cache Manager and other processes running on a client machine use the list of a cell's database server machines when performing several common --- 15,24 ---- Along with AFSDB entries in DNS, the client version of the CellServDB file lists the database server machines in the local cell and any foreign cell that is to be accessible from the local client machine. Database server ! machines run the Authentication Server (optional), Backup Server ! (optional), Protection Server, and Volume Location (VL) Server (the ! B, B, B, and B) processes, which ! maintain the cell's administrative AFS databases. The Cache Manager and other processes running on a client machine use the list of a cell's database server machines when performing several common *************** *** 33,48 **** =item * ! Authenticating users. Client-side authentication programs (such as an ! AFS-modified login utility or the B command interpreter) contact the ! Authentication Server to obtain a server ticket, which the AFS server ! processes accept as proof that the user is authenticated. =item * ! Creating protection groups. The B command interpreter contacts the ! Protection Server when users create protection groups or request ! information from the Protection Database. =back --- 33,57 ---- =item * ! Creating, viewing, and manipulating protection groups. The B command ! interpreter contacts the Protection Server when users create protection ! groups or request information from the Protection Database. ! ! =item * ! ! Populating the contents of the fake F volume mounted at F ! (or the alternative mount point specified in F) when B is ! run in C<-dynroot> mode. The default contents of this directory will ! match the cells listed in the client F file. =item * ! Authenticating users. Client-side authentication programs (such as an ! AFS-modified login utility or the B command interpreter) contact the ! Authentication Server to obtain a server ticket, which the AFS server ! processes accept as proof that the user is authenticated. This only ! applies to AFS cells using the deprecated Authentication Server instead of ! Kerberos v5 and B. =back *************** *** 54,59 **** --- 63,76 ---- list of database server machines without rebooting, use the B command. + If the client attempts to access an AFS cell not listed in F + and B was started with the B<-afsdb> option, the Cache Manager will + attempt an AFSDB DNS record lookup and dynamically add the database server + locations for that cell based on the result of the DNS query. If the + B<-afsdb> option was not used, all AFS cells that will be accessed by a + client machine must either be listed in F or added with the + B command. + The F file is in ASCII format and must reside in the F directory on each AFS client machine. Use a text editor to create and maintain it. *************** *** 69,83 **** The server version of the F file lists the local cell's database server machines. These machines run the Authentication Server ! (optional), Backup Server, Protection Server, and Volume Location (VL) ! Server (the B, B, B, and B) ! processes, which maintain the cell's administrative AFS databases. The ! initial version of the file is created with the B command ! during the installation of the cell's server machine, which is ! automatically recorded as the cell's first database server machine. When ! adding or removing database server machines, be sure to update this file ! appropriately. It must reside in the F directory on each AFS ! server machine. The database server processes consult the F file to learn about their peers, with which they must maintain constant connections in --- 86,100 ---- The server version of the F file lists the local cell's database server machines. These machines run the Authentication Server ! (optional), Backup Server (optional), Protection Server, and Volume ! Location (VL) Server (the B, B, B, and ! B) processes, which maintain the cell's administrative AFS ! databases. The initial version of the file is created with the B command during the installation of the cell's server machine, ! which is automatically recorded as the cell's first database server ! machine. When adding or removing database server machines, be sure to ! update this file appropriately. It must reside in the F ! directory on each AFS server machine. The database server processes consult the F file to learn about their peers, with which they must maintain constant connections in Index: openafs/doc/man-pages/pod5/NetInfo.pod diff -c openafs/doc/man-pages/pod5/NetInfo.pod:1.2.6.1 openafs/doc/man-pages/pod5/NetInfo.pod:1.2.6.2 *** openafs/doc/man-pages/pod5/NetInfo.pod:1.2.6.1 Tue Jun 19 05:08:41 2007 --- openafs/doc/man-pages/pod5/NetInfo.pod Mon Apr 27 14:37:34 2009 *************** *** 80,88 **** --- 80,103 ---- appears on each line, in dotted decimal format. The order of the addresses is not significant. + Optionally, the File Server can be forced to use an IP address that does + not belong to one of the server interfaces. To do this, add a line to the + F file with the IP address prefixed with "f" and a space. This is + useful when the File Server is on the interal side of a NAT firewall. + To display the File Server interface addresses registered in the VLDB, use the B command. + =head1 EXAMPLES + + If the File Server is on the internal side of a NAT firewall, where it + serves internal clients using the IP address 192.168.1.123 and external + clients using the IP address 10.1.1.321, then the F file should + contain the following: + + 192.168.1.123 + f 10.1.1.321 + =head1 SEE ALSO L, Index: openafs/doc/man-pages/pod5/krb.conf.pod diff -c openafs/doc/man-pages/pod5/krb.conf.pod:1.1.2.2 openafs/doc/man-pages/pod5/krb.conf.pod:1.1.2.3 *** openafs/doc/man-pages/pod5/krb.conf.pod:1.1.2.2 Sun Jul 13 19:53:51 2008 --- openafs/doc/man-pages/pod5/krb.conf.pod Tue May 19 14:40:20 2009 *************** *** 4,10 **** =head1 DESCRIPTION ! /usr/vice/etc/krb.conf is an optional file that resides on an OpenAFS server and is used to specify which Kerberos5 realms are trusted to authenticate to the local AFS cell. The format of the file is one realm per line. If the Kerberos5 realm matches the AFS cell name --- 4,10 ---- =head1 DESCRIPTION ! /usr/afs/etc/krb.conf is an optional file that resides on an OpenAFS server and is used to specify which Kerberos5 realms are trusted to authenticate to the local AFS cell. The format of the file is one realm per line. If the Kerberos5 realm matches the AFS cell name Index: openafs/doc/man-pages/pod8/afsd.pod diff -c openafs/doc/man-pages/pod8/afsd.pod:1.6.2.7 openafs/doc/man-pages/pod8/afsd.pod:1.6.2.8 *** openafs/doc/man-pages/pod8/afsd.pod:1.6.2.7 Thu Mar 19 22:31:41 2009 --- openafs/doc/man-pages/pod8/afsd.pod Sat May 30 21:22:39 2009 *************** *** 25,31 **** [B<-nosettime>] S<<< [B<-prealloc> >] >>> [B<-rmtsys>] S<<< [B<-rootvol> >] >>> ! [B<-rxbind>] S<<< [B<-rxpck> value for rx_extraPackets ] >>> [B<-settime>] [B<-shutdown>] S<<< [B<-splitcache> >] >>> S<<< [B<-stat> >] >>> [B<-verbose>] --- 25,32 ---- [B<-nosettime>] S<<< [B<-prealloc> >] >>> [B<-rmtsys>] S<<< [B<-rootvol> >] >>> ! [B<-rxbind>] S<<< [B<-rxmaxmtu> value for maximum MTU ] >>> ! S<<< [B<-rxpck> value for rx_extraPackets ] >>> [B<-settime>] [B<-shutdown>] S<<< [B<-splitcache> >] >>> S<<< [B<-stat> >] >>> [B<-verbose>] *************** *** 628,633 **** --- 629,641 ---- Bind the Rx socket (one interface only). + =item B<-rxmaxmtu> > + + Set a limit for the largest maximum transfer unit (network packet size) that + the AFS client on this machine will be willing to transmit. This switch can + be used where an artificial limit on the network precludes packets as large + as the discoverable MTU from being transmitted successfully. + =item B<-rxpck> > Set rx_extraPackets to this value. This sets the number of extra Rx Index: openafs/doc/man-pages/pod8/bosserver.pod diff -c openafs/doc/man-pages/pod8/bosserver.pod:1.3.2.1 openafs/doc/man-pages/pod8/bosserver.pod:1.3.2.2 *** openafs/doc/man-pages/pod8/bosserver.pod:1.3.2.1 Tue Jan 22 23:18:10 2008 --- openafs/doc/man-pages/pod8/bosserver.pod Tue May 5 08:30:34 2009 *************** *** 8,14 ****
B [B<-noauth>] [B<-log>] [B<-enable_peer_stats>] ! [B<-enable_process_stats>] [B<-allow-dotted-principal>] [B<-help>] =for html
--- 8,14 ----
B [B<-noauth>] [B<-log>] [B<-enable_peer_stats>] ! [B<-enable_process_stats>] [B<-allow-dotted-principals>] [B<-help>] =for html
*************** *** 108,114 **** other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principal> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid --- 108,114 ---- other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principals> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid Index: openafs/doc/man-pages/pod8/fileserver.pod diff -c openafs/doc/man-pages/pod8/fileserver.pod:1.5.2.14 openafs/doc/man-pages/pod8/fileserver.pod:1.5.2.16 *** openafs/doc/man-pages/pod8/fileserver.pod:1.5.2.14 Tue Nov 11 21:31:12 2008 --- openafs/doc/man-pages/pod8/fileserver.pod Fri May 15 09:30:18 2009 *************** *** 139,145 **** Parameter (Argument) Small (-S) Medium Large (-L) --------------------------------------------------------------------- ! Number of LWPs (-p) 6 9 12 Number of cached dir blocks (-b) 70 90 120 Number of cached large vnodes (-l) 200 400 600 Number of cached small vnodes (-s) 200 400 600 --- 139,145 ---- Parameter (Argument) Small (-S) Medium Large (-L) --------------------------------------------------------------------- ! Number of LWPs (-p) 6 9 128 Number of cached dir blocks (-b) 70 90 120 Number of cached large vnodes (-l) 200 400 600 Number of cached small vnodes (-s) 200 400 600 *************** *** 402,408 **** Force the fileserver to only bind to one IP address. ! =item B<-allow-dotted-principal> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid --- 402,408 ---- Force the fileserver to only bind to one IP address. ! =item B<-allow-dotted-principals> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid Index: openafs/doc/man-pages/pod8/ptserver.pod diff -c openafs/doc/man-pages/pod8/ptserver.pod:1.3.2.4 openafs/doc/man-pages/pod8/ptserver.pod:1.3.2.5 *** openafs/doc/man-pages/pod8/ptserver.pod:1.3.2.4 Sun Aug 24 21:15:03 2008 --- openafs/doc/man-pages/pod8/ptserver.pod Tue May 5 08:30:34 2009 *************** *** 11,17 **** [B<-rebuildDB>] S<<< [B<-groupdepth> >] >>> S<<< [B<-default_access> > >] >>> [B<-restricted>] [B<-enable_peer_stats>] ! [B<-enable_process_stats>] [B<-allow-dotted-principal>] [B<-rxbind>] S<<< [B<-auditlog> >] >>> S<<< [B<-syslog>[=>]] >>> S<<< [B<-rxmaxmtu> >] >>> [B<-help>] --- 11,17 ---- [B<-rebuildDB>] S<<< [B<-groupdepth> >] >>> S<<< [B<-default_access> > >] >>> [B<-restricted>] [B<-enable_peer_stats>] ! [B<-enable_process_stats>] [B<-allow-dotted-principals>] [B<-rxbind>] S<<< [B<-auditlog> >] >>> S<<< [B<-syslog>[=>]] >>> S<<< [B<-rxmaxmtu> >] >>> [B<-help>] *************** *** 129,135 **** other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principal> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to --- 129,135 ---- other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principals> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to Index: openafs/doc/man-pages/pod8/restorevol.pod diff -c /dev/null openafs/doc/man-pages/pod8/restorevol.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod8/restorevol.pod Mon May 18 19:34:08 2009 *************** *** 0 **** --- 1,153 ---- + =head1 NAME + + restorevol - Restore a volume from vos dump to the local file system + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-file> >] >>> S<<< [B<-dir> > ] >>> + S<<< [B<-extension> >] >>> + S<<< [B<-mountpoint> >] >>> + S<<< [B<-umask> >] >>> [B<-verbose>] [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + B takes an AFS volume in the format produced by B + and restores it to the local file system. Normally, the contents of a + volume are maintained by the AFS File Server in an opaque format and + copying a volume's raw data does not make it easily accessible. This + utility will produce a directory tree that is equivalent to that seen via + an AFS client, but without preserving the AFS-specific Access Control + Lists (ACLs). It's primary use is to recover data from a volume dump or + backup and make it available via a filesystem other than AFS. + + The dump output will read from standard input, or from a file if B<-file> + is specified. + + The restore process is as follows: + + =over 4 + + =item 1. + + The dump file will be restored within the current directory or that + specified with B<-dir>. + + =item 2. + + Within this directory, a subdir is created. It's name is the RW volume + name that was dumped. An extension can be appended to this directory name + with B<-extension>. + + =item 3. + + All mountpoints will appear as symbolic links to the volume name. The + path name to the volume will be either that in B<-mountpoint>, or B<-dir>. + Symbolic links remain untouched. + + =item 4. + + You can change your umask during the restore with B<-umask>. Otherwise, + B uses your current umask. Mode bits for directories are 0777 + (then AND'ed with the umask). Mode bits for files are the owner mode bits + duplicated accross group and user (then AND'ed with the umask). + + =item 5. + + For restores of full dumps, if a directory says it has a file and the file + is not found, then a symbolic link F<< AFSFile-<#> >> will appear in that + restored tree. Restores of incremental dumps remove all these files at + the end (expensive because it is a tree search). + + =item 6. + + If a file or directory was found in the dump but found not to be connected + to the hierarchical tree, then the file or directory will be connected at + the root of the tree as F<< __ORPHANEDIR__.<#> >> or F<< + __ORPHANFILE__.<#> >>. + + =item 7. + + ACLs are not restored. + + =back + + =head1 CAUTIONS + + Normally, use L instead of this command. B is + a tool of last resort to try to extract data from the data structures + stored in a volume dumpfile and is not as regularly tested or used as the + normal L implementation. Using B bypasses + checks done by the L and L. + + =head1 OPTIONS + + =over 4 + + =item B<-file> > + + Specifies the output file for the dump. If this option is not given, the + volume will be dumped to standard output. + + =item B<-dir> > + + Names the directory in which to create the restored filesystem. The + current directory is used by default. Note that any mountpoints inside + the volume will point to the same directory unless the B<-mountpoint> + option is also specified. + + =item B<-extension> > + + By default, the name of the directory created matches the RW volume name + of the volume in the dump file. If this option is used, the directory + name will be the RW volume name I as the suffix. + + =item B<-mountpoint> > + + By default, mountpoints inside the volume being restored point to the + value given by I<-dir>. This option allows mountpoints to be resolved + relative to another path. A common use for this would be to specify a + path under F as the mount point root so that mountpoints inside the + restored volume would be resolved via AFS. + + The I must exist, and the process running the command + have read access to that directory, or the command will fail. + + =back + + =head1 EXAMPLES + + The following command restores the contents of the dumpfile in + F to the directory F, but having all + mountpoints inside the volume point to AFS (note that this requires + knowledge of where F is mounted in AFS): + + % restorevol -file sample.dump -dir /tmp -extension .2009-05-17 \ + -mountpoint /afs/example.org/sample + Restoring volume dump of 'sample' to directory '/tmp/sample.2009-05-17' + + =head1 PRIVILEGE REQUIRED + + The issuer must have read access to the dump file and write access to the + directory into which the dump is restored. If the B<-mountpoint> flag is + given, the issuer must also have read access to that directory. + + =head1 SEE ALSO + + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2009 Steven Jenkins + + This documentation is covered by the BSD License as written in the + doc/LICENSE file. This man page was written by Steven Jenkins for + OpenAFS. Index: openafs/doc/man-pages/pod8/rmtsysd.pod diff -c /dev/null openafs/doc/man-pages/pod8/rmtsysd.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod8/rmtsysd.pod Mon May 18 19:34:56 2009 *************** *** 0 **** --- 1,41 ---- + =head1 NAME + + rmtsysd - Daemon to execute AFS-specific system calls for remote hosts + + =head1 SYNOPSIS + + =for html +
+ + B + + =for html +
+ + =head1 DESCRIPTION + + B is a daemon to execute AFS-specific system calls on behalf of + NFS client machines. This daemon only needs to be started if the machine + is an NFS/AFS translator server for users of NFS client machines who + execute AFS commands. + + =head1 CAUTIONS + + The protocol used by this daemon is not considered secure, so this should + not be used in an environment where security is important. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the local superuser root. + + =head1 SEE ALSO + + L + + =head1 COPYRIGHT + + Copyright 2009 Steven Jenkins + + This documentation is covered by the BSD License as written in the + doc/LICENSE file. This man page was written by Steven Jenkins for + OpenAFS. Index: openafs/doc/man-pages/pod8/vlserver.pod diff -c openafs/doc/man-pages/pod8/vlserver.pod:1.3.2.3 openafs/doc/man-pages/pod8/vlserver.pod:1.3.2.4 *** openafs/doc/man-pages/pod8/vlserver.pod:1.3.2.3 Sun Aug 24 21:15:03 2008 --- openafs/doc/man-pages/pod8/vlserver.pod Tue May 5 08:30:34 2009 *************** *** 8,14 ****
B S<<< [B<-p> >] >>> [B<-nojumbo>] [B<-jumbo>] [B<-rxbind>] S<<< [B<-d> >] >>> ! [B<-allow-dotted-principal>] [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>] =for html --- 8,14 ----
B S<<< [B<-p> >] >>> [B<-nojumbo>] [B<-jumbo>] [B<-rxbind>] S<<< [B<-d> >] >>> ! [B<-allow-dotted-principals>] [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>] =for html *************** *** 95,101 **** other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principal> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid --- 95,101 ---- other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principals> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid Index: openafs/doc/man-pages/pod8/voldump.pod diff -c openafs/doc/man-pages/pod8/voldump.pod:1.2 openafs/doc/man-pages/pod8/voldump.pod:1.2.2.1 *** openafs/doc/man-pages/pod8/voldump.pod:1.2 Wed Mar 1 00:02:32 2006 --- openafs/doc/man-pages/pod8/voldump.pod Mon May 18 19:34:08 2009 *************** *** 86,91 **** --- 86,92 ---- =head1 SEE ALSO L, + L, L, L, L Index: openafs/doc/man-pages/pod8/volserver.pod diff -c openafs/doc/man-pages/pod8/volserver.pod:1.4.2.2 openafs/doc/man-pages/pod8/volserver.pod:1.4.2.3 *** openafs/doc/man-pages/pod8/volserver.pod:1.4.2.2 Sun Aug 24 21:15:03 2008 --- openafs/doc/man-pages/pod8/volserver.pod Tue May 5 08:30:34 2009 *************** *** 12,18 **** S<<< [B<-d> >] >>> [B<-nojumbo>] [B<-jumbo>] [B<-enable_peer_stats>] [B<-enable_process_stats>] ! [B<-allow-dotted-principal>] [B<-help>] =for html
--- 12,18 ---- S<<< [B<-d> >] >>> [B<-nojumbo>] [B<-jumbo>] [B<-enable_peer_stats>] [B<-enable_process_stats>] ! [B<-allow-dotted-principals>] [B<-help>] =for html
*************** *** 99,105 **** other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principal> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid --- 99,105 ---- other machines. To display or otherwise access the records, use the Rx Monitoring API. ! =item B<-allow-dotted-principals> By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid Index: openafs/doc/man-pages/pod8/vsys.pod diff -c /dev/null openafs/doc/man-pages/pod8/vsys.pod:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/man-pages/pod8/vsys.pod Mon May 18 19:35:33 2009 *************** *** 0 **** --- 1,51 ---- + =head1 NAME + + vsys - Make AFS system calls from the command line + + =head1 SYNOPSIS + + =for html +
+ + B > >+ + + =for html +
+ + =head1 DESCRIPTION + + B is a development tool to make AFS system calls from the command + line. > is the AFS system call to be invoked. >+ + are the values to pass to the system call. Knowledge of the AFS system + call layer is required to know valid call numbers and parameters. + + =head1 CAUTIONS + + B is intended for debugging AFS at a low level and is therefore + intended for AFS developers. System Administrators and AFS users should + use the higher-level interfaces provided by L, L, + L, and L instead. + + B provides a way to pass arbitrary data into the AFS system call + mechanism. Caution should be taken when using or providing this binary on + a system, as incorrect use as a privileged user could cause a system to + panic, hang, or perform an unsafe operation. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the local superuser root. + + =head1 SEE ALSO + + L, + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2009 Steven Jenkins + + This documentation is covered by the BSD License as written in the + doc/LICENSE file. This man page was written by Steven Jenkins for OpenAFS. Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.67 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.68 *** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.67 Mon Apr 6 13:15:12 2009 --- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt Mon May 25 23:50:03 2009 *************** *** 1,3 **** --- 1,86 ---- + Since 1.5.59 + * A fix to the pioctl library to support drive substitution + to UNC paths.  (SUBST <\\afs\cell\path>). + + * On April 9th Microsoft released a Hot Fix for Windows Server 2003 SP2 + that corrects a deadlock in the smb redirector and also adds new + functionality that permits the AFS SMB server to be given a longer + timeout than is normally the case. New functionality has been added + to configure these additional LanmanWorkstation\Parameter values. + (This functionality has been backported to XP SP3 and is scheduled + to be released on June 5th.) + + * The BackConnectionHostNames registry value configuration was broken + when dynamic re-establishment of Netbios Name registrations was added. + Restore it. + + * Hidden vos commands are revealed. + + * If the "DisableLoopbackCheck" registry value is set, do not unset + it during the same service session. + + * Reorganize code that prevents multiple Store operations to the same + File. + + * Modify IsPathInAfs test in Explorer Shell Extension and fs.exe to + permit broken symlinks to be treated as being in AFS. + + * Fix vos commands that output 64-bit integer values. + + * Cygwin Import Libraries are provided in the SDK for all OpenAFS DLLs. + Permits building cygwin applications against OpenAFS libraries. + + * OpenAFS Release Notes, Administrator Guide and User Guide now installed + as Windows HTML Help (.CHM) files. + + * NSIS installer does a much better job of cleaning up files left + over from previous installs. + + * Fix RT#124787, a race condition between "fs flush ", "fs flushvolume", + or "fs flushall" and on-going directory operations that can result in + afsd_service.exe crashing. + + * Add support for DNS SRV records in place of AFSDB records.  + _afs3-vlserver._udp..  Priority field is used.  + Weight is currently ignored. + + * Add a method of specifying Client CellServDB information within the + registry that can be used to either override the CellServDB file or + force the use of DNS lookups for a given cell. + + The registry schema is as follows: + + HKLM\SOFTWARE\OpenAFS\{Client,Server}\CellServDB\[cellname]\ + "LinkedCell" REG_SZ "[cellname]" + "Description" REG_SZ "[comment]" + "ForceDNS" DWORD {0,1} + + HKLM\SOFTWARE\OpenAFS\{Client,Server}\CellServDB\[cellname]\[servername]\ + "HostName" REG_SZ "[hostname]" Default: [servername] + "IPv4Address" REG_SZ "[address]" Used only if gethostbyname() fails. + "IPv6Address" REG_SZ "[address]" + "Comment" REG_SZ "[comment]" + "Rank" DWORD "0..65535" Default: 0 + "Clone" DWORD "{0,1}" + "vlserver" DWORD "7003" + "ptserver" DWORD ... + + ForceDNS is implied non-zero if there are no [servername] + keys under the [cellname] key. Otherwise, ForceDNS is zero. + If [servername] keys are specified and none of them evaluate + to a valid server configuration, the return code is success. + This prevents failover to the CellServDB file or DNS. + + Only one of "HostName" or "IPv4Address" is required. "HostName" + is optional if [servername] is the host name. + + * Extend registry based CellServDB functionality to + afsconf_GetCellInfo() interface used by aklog and many + other command line utilities. + + * libafsconf.dll moved from OpenAFS\Client\Program to OpenAFS\Common + as it is now used by both client and server components. + Since 1.5.58 * PriorityClass of afsd_service.exe process raised to "High" to match the priority of the system services Index: openafs/doc/xml/banner.gif Index: openafs/doc/xml/books.gif Index: openafs/doc/xml/down.gif Index: openafs/doc/xml/home.gif Index: openafs/doc/xml/index.gif Index: openafs/doc/xml/index.html diff -c /dev/null openafs/doc/xml/index.html:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/index.html Wed May 13 22:25:59 2009 *************** *** 0 **** --- 1,55 ---- + + + + OpenAFS Documentation + + + + +
+ +

+ + +

+ +

 

+

 

+ +

Documentation

+ +

 

+

 

+ +

Welcome to the OpenAFS Documentation set!

+ +

Documentation:

+ + + + +
+ + + + + + + + Index: openafs/doc/xml/logo.jpg Index: openafs/doc/xml/next.gif Index: openafs/doc/xml/prev.gif Index: openafs/doc/xml/up.gif Index: openafs/doc/xml/AdminGuide/Makefile.in diff -c /dev/null openafs/doc/xml/AdminGuide/Makefile.in:1.1.2.2 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/AdminGuide/Makefile.in Wed May 27 15:44:51 2009 *************** *** 0 **** --- 1,42 ---- + # Makefile to build the AFS Admin Guide for Unix. + # + # This makefile assumes that various utilities are available on the system. + # On Debian lenny, installing the packages: + # + # dblatex + # docbook-xsl + # libxml2-utils + # xsltproc + # + # gave me all the utilities needed. + # + # HTML_XSL is possibly specific to Debian and may need to be modified on other + # systems. + + all: pdf html + + include @TOP_OBJDIR@/src/config/Makefile.config + VERSFILE=version + include @TOP_OBJDIR@/src/config/Makefile.version + + BOOK = auagd000.xml + SRCS = $(BOOK) auagd005.xml auagd006.xml auagd007.xml auagd008.xml \ + auagd009.xml auagd010.xml auagd011.xml auagd012.xml auagd013.xml \ + auagd014.xml auagd015.xml auagd016.xml auagd017.xml auagd018.xml \ + auagd019.xml auagd020.xml auagd021.xml auagd022.xml auagd023.xml \ + auagd024.xml auagd025.xml + HTML_XSL = @HTML_XSL@ + XSLTPROC = @XSLTPROC@ + + html: $(SRCS) $(VERSFILE).xml + $(XSLTPROC) --param navig.graphics 1 \ + --stringparam navig.graphics.path ../ $(HTML_XSL) $(BOOK) + + pdf: $(SRCS) + dblatex $(BOOK) + + check: + xmllint --noout --valid $(BOOK) + + clean: + rm -f *.html *.pdf Index: openafs/doc/xml/AdminGuide/NTMakefile diff -c /dev/null openafs/doc/xml/AdminGuide/NTMakefile:1.1.2.4 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/AdminGuide/NTMakefile Thu May 21 13:52:13 2009 *************** *** 0 **** --- 1,85 ---- + # Copyright 2009, Secure Endpoints Inc. + # All Rights Reserved. + # + # Redistribution and use in source and binary forms, with or without + # modification, are permitted provided that the following conditions are met: + # + # - Redistributions of source code must retain the above copyright notice, + # this list of conditions and the following disclaimer. + # - Redistributions in binary form must reproduce the above copyright notice, + # this list of conditions and the following disclaimer in the documentation + # and/or other materials provided with the distribution. + # - Neither the name of Secure Endpoints Inc. nor the names of its contributors + # may be used to endorse or promote products derived from this software without + # specific prior written permission from Secure Endpoints Inc.. + # + # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER + # OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + # EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + VERSFILE = version + !INCLUDE ..\..\..\src\config\NTMakefile.$(SYS_NAME) + !INCLUDE ..\..\..\src\config\NTMakefile.version + + !IFNDEF CYGWIN + CYGWIN = c:/cygwin + !ENDIF + !IFNDEF DOCBOOK_XSL + DOCBOOK_XSL = $(CYGWIN)/usr/share/docbook-xsl + !ENDIF + XSLTPROC = xsltproc.exe + HTML_XSL = $(DOCBOOK_XSL)/html/chunk.xsl + HTML_PARMS = --param navig.graphics 1 --stringparam navig.graphics.path ../ + CHM_XSL = $(DOCBOOK_XSL)/htmlhelp/htmlhelp.xsl + + XMLSRCS = \ + auagd000.xml \ + auagd005.xml \ + auagd006.xml \ + auagd007.xml \ + auagd008.xml \ + auagd009.xml \ + auagd010.xml \ + auagd011.xml \ + auagd012.xml \ + auagd013.xml \ + auagd014.xml \ + auagd015.xml \ + auagd016.xml \ + auagd017.xml \ + auagd018.xml \ + auagd019.xml \ + auagd020.xml \ + auagd021.xml \ + auagd022.xml \ + auagd023.xml \ + auagd024.xml \ + auagd025.xml \ + $(VERSFILE).xml + + index.html: $(XMLSRCS) + @echo Building OpenAFS Administrator Guide in HTML format + $(XSLTPROC) $(HTML_PARMS) $(HTML_XSL) auagd000.xml + + htmlhelp.chm: $(XMLSRCS) + @echo Building OpenAFS Administrator Guide in HTML Help format + $(XSLTPROC) $(CHM_XSL) auagd000.xml + -hhc.exe htmlhelp.hhp + $(DEL) *.html + $(DEL) *.hh? + $(DEL) *.chw + + install: htmlhelp.chm index.html + + clean:: + $(DEL) *.html + $(DEL) htmlhelp.chm + $(DEL) $(VERSFILE).xml Index: openafs/doc/xml/AdminGuide/auagd000.xml diff -c /dev/null openafs/doc/xml/AdminGuide/auagd000.xml:1.1.8.5 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/AdminGuide/auagd000.xml Thu May 21 13:52:13 2009 *************** *** 0 **** --- 1,109 ---- + + + + + + + + + + + + + + + + + + + + + + + + ]> + + + OpenAFS Administration Guide + + + 2000 + + IBM Corporation. All Rights Reserved + + + + &version; + + + 3.6 + + April 2000 + + First IBM Edition, Document Number GC09-4563-00 + + + + + This edition applies to: + OpenAFS for AIX, Version M.m + OpenAFS for Digital Unix, Version M.m + OpenAFS for HP-UX, Version M.m + OpenAFS for Linux, Version M.m + OpenAFS for SGI IRIX, Version M.m + OpenAFS for Solaris, Version M.m + + + and to all subsequent releases and modifications until otherwise + indicated in new editions.This softcopy version is based on the printed + edition of this book. Some formatting amendments have been made to make + this information more suitable for softcopy. + + + + &preface; + + + Concepts and Configuration Issues + + &chapter1; + &chapter2; + + + + Managing File Server Machines + + &chapter3; + &chapter4; + &chapter5; + &chapter6; + &chapter7; + &chapter8; + &chapter9; + + + + Managing Client Machines + + &chapter10; + &chapter11; + + + + Managing Users and Groups + + &chapter12; + &chapter13; + &chapter14; + &chapter15; + &chapter16; + + + &appendixA; + &appendixB; + &appendixC; + &appendixD; + + Index: openafs/doc/xml/AdminGuide/auagd005.xml diff -c /dev/null openafs/doc/xml/AdminGuide/auagd005.xml:1.1.8.3 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/AdminGuide/auagd005.xml Wed May 13 22:25:59 2009 *************** *** 0 **** --- 1,207 ---- + + + About This Guide + + This section describes the purpose, organization, and conventions of this document. + + + Audience and Purpose + + This guide describes the concepts and procedures that an AFS(R) system administrator needs to know. It assumes familiarity + with UNIX(R) administration, but no previous knowledge of AFS. + + This document describes AFS commands in the context of specific tasks. Thus, it does not describe all commands in detail. + Refer to the OpenAFS Administration Reference for detailed command descriptions. + + + + Document Organization + + This document groups AFS administrative tasks into the following conceptual sections: + + Concepts and Configuration Issues + + + + Managing File Server Machines + + + + Managing Client Machines + + + + Managing Users and Groups + + + + The individual chapters in each section contain the following: + + A chapter overview + + + + A quick reference list of the tasks and commands described in the chapter + + + + An introduction to concepts that pertain to all of the tasks described in the chapter + + + + A set of sections devoted to specific tasks. Each section begins with a discussion of concepts specific to that + task, followed by step-by-step instructions for performing the task. The instructions are as specific as has been judged + practical. If two related procedures differ from one another in important details, separate sets of instructions are + usually provided. + + + + + + How to Use This Document + + When you need to perform a specific administrative task, follow these steps: + + + + Determine if the task concerns file server machines, client machines, or users and groups. Turn to the appropriate + section in this document and then to the appropriate chapter. + + + + Read or review the general introductory material at the beginning of the chapter. + + + + Read or review the introductory material concerning the specific task you wish to perform. + + + + Follow the step-by-step instructions for the task. + + + + If necessary, refer to the OpenAFS Administration Reference for more detailed information about the commands. + + + + + + + Related Documents + + The following documents are also included in the AFS documentation set. + + + + OpenAFS Administration Reference + + + This reference manual details the syntax and effect of each AFS command. It is intended for the experienced AFS + administrator, programmer, or user. The OpenAFS Administration Reference lists AFS files and commands in alphabetical + order. The reference page for each command specifies its syntax, including the acceptable aliases and abbreviations. It + then describes the command's function, arguments, and output if any. Examples and a list of related commands are provided, + as are warnings where appropriate. + + This manual complements the OpenAFS Administration Guide: it does not include procedural information, but describes + commands in more detail than the OpenAFS Administration Guide. + + + + + OpenAFS Quick Beginnings + + + This guide provides instructions for installing AFS server and client machines. It is assumed that the installer is + an experienced UNIX(R) system administrator. + + For predictable performance, machines must be installed and configured in accordance with the instructions in this + guide. + + + + + OpenAFS Release Notes + + + This document provides information specific to each release of AFS, such as a list of new features and commands, a + list of requirements and limitations, and instructions for upgrading server and client machines. + + + + + OpenAFS User Guide + + + This guide presents the basic concepts and procedures necessary for using AFS effectively. It assumes that the + reader has some experience with UNIX, but does not require familiarity with networking or AFS. + + The guide explains how to perform basic functions, including authenticating, changing a password, protecting AFS + data, creating groups, and troubleshooting. It provides illustrative examples for each function and describes some of the + differences between the UNIX file system and AFS. + + + + + + + + Typographical Conventions + + This document uses the following typographical conventions: + + + + Command and option names appear in bold type in syntax definitions, examples, and + running text. Names of directories, files, machines, partitions, volumes, and users also appear in bold type. + + + + Variable information appears in italic type. This includes user-supplied information on command + lines and the parts of prompts that differ depending on who issues the command. New terms also appear in italic + type. + + + + Examples of screen output and file contents appear in monospace type. + + + + + In addition, the following symbols appear in command syntax definitions, both in the documentation and in AFS online help + statements. When issuing a command, do not type these symbols. + + Square brackets [ ] surround optional items. + + + + Angle brackets < > surround user-supplied values in AFS commands. + + + + A superscripted plus sign + follows an argument that accepts more than one + value. + + + + The percent sign % represents the regular command shell prompt. Some operating systems possibly use a different + character for this prompt. + + + + The number sign # represents the command shell prompt for the local superuser root. + Some operating systems possibly use a different character for this prompt. + + + + The pipe symbol | in a command syntax statement separates mutually exclusive values + for an argument. + + + + For additional information on AFS commands, including a description of command string components, acceptable abbreviations + and aliases, and how to get online help for commands, see Appendix B, Using AFS + Commands. + + Index: openafs/doc/xml/AdminGuide/auagd006.xml diff -c /dev/null openafs/doc/xml/AdminGuide/auagd006.xml:1.1.8.3 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/AdminGuide/auagd006.xml Wed May 13 22:25:59 2009 *************** *** 0 **** --- 1,1154 ---- + + + An Overview of OpenAFS Administration + + This chapter provides a broad overview of the concepts and organization of AFS. It is strongly recommended that anyone + involved in administering an AFS cell read this chapter before beginning to issue commands. + + + A Broad Overview of AFS + + This section introduces most of the key terms and concepts necessary for a basic understanding of AFS. For a more detailed + discussion, see More Detailed Discussions of Some Basic Concepts. + + + AFS: A Distributed File System + + AFS is a distributed file system that enables users to share and access all of the files stored in a network of + computers as easily as they access the files stored on their local machines. The file system is called distributed for this + exact reason: files can reside on many different machines (be distributed across them), but are available to users on every + machine. + + + + Servers and Clients + + In fact, AFS stores files on a subset of the machines in a network, called file server machines. File server machines + provide file storage and delivery service, along with other specialized services, to the other subset of machines in the + network, the client machines. These machines are called clients because they make use of the servers' services while doing + their own work. In a standard AFS configuration, clients provide computational power, access to the files in AFS and other + "general purpose" tools to the users seated at their consoles. There are generally many more client workstations than file + server machines. + + AFS file server machines run a number of server processes, so called because each provides a distinct specialized + service: one handles file requests, another tracks file location, a third manages security, and so on. To avoid confusion, AFS + documentation always refers to server machines and server processes, not simply to servers. For a more detailed description of + the server processes, see AFS Server Processes and the Cache Manager. + + + + Cells + + A cell is an administratively independent site running AFS. As a cell's system administrator, you make many decisions + about configuring and maintaining your cell in the way that best serves its users, without having to consult the + administrators in other cells. For example, you determine how many clients and servers to have, where to put files, and how to + allocate client machines to users. + + + + Transparent Access and the Uniform Namespace + + Although your AFS cell is administratively independent, you probably want to organize the local collection of files + (your filespace or tree) so that users from other cells can also access the information in it. AFS enables cells to combine + their local filespaces into a global filespace, and does so in such a way that file access is transparent--users do not need + to know anything about a file's location in order to access it. All they need to know is the pathname of the file, which looks + the same in every cell. Thus every user at every machine sees the collection of files in the same way, meaning that AFS + provides a uniform namespace to its users. + + + + Volumes + + AFS groups files into volumes, making it possible to distribute files across many machines and yet maintain a uniform + namespace. A volume is a unit of disk space that functions like a container for a set of related files, keeping them all + together on one partition. Volumes can vary in size, but are (by definition) smaller than a partition. + + Volumes are important to system administrators and users for several reasons. Their small size makes them easy to move + from one partition to another, or even between machines. The system administrator can maintain maximum efficiency by moving + volumes to keep the load balanced evenly. In addition, volumes correspond to directories in the filespace--most cells store + the contents of each user home directory in a separate volume. Thus the complete contents of the directory move together when + the volume moves, making it easy for AFS to keep track of where a file is at a certain time. Volume moves are recorded + automatically, so users do not have to keep track of file locations. + + + + Efficiency Boosters: Replication and Caching + + AFS incorporates special features on server machines and client machines that help make it efficient and + reliable. + + On server machines, AFS enables administrators to replicate commonly-used volumes, such as those containing binaries for + popular programs. Replication means putting an identical read-only copy (sometimes called a clone) of a volume on more than + one file server machine. The failure of one file server machine housing the volume does not interrupt users' work, because the + volume's contents are still available from other machines. Replication also means that one machine does not become + overburdened with requests for files from a popular volume. + + On client machines, AFS uses caching to improve efficiency. When a user on a client workstation requests a file, the + Cache Manager on the client sends a request for the data to the File Server process running on the proper file server machine. + The user does not need to know which machine this is; the Cache Manager determines file location automatically. The Cache + Manager receives the file from the File Server process and puts it into the cache, an area of the client machine's local disk + or memory dedicated to temporary file storage. Caching improves efficiency because the client does not need to send a request + across the network every time the user wants the same file. Network traffic is minimized, and subsequent access to the file is + especially fast because the file is stored locally. AFS has a way of ensuring that the cached file stays up-to-date, called a + callback. + + + + Security: Mutual Authentication and Access Control Lists + + Even in a cell where file sharing is especially frequent and widespread, it is not desirable that every user have equal + access to every file. One way AFS provides adequate security is by requiring that servers and clients prove their identities + to one another before they exchange information. This procedure, called mutual authentication, requires that both server and + client demonstrate knowledge of a "shared secret" (like a password) known only to the two of them. Mutual authentication + guarantees that servers provide information only to authorized clients and that clients receive information only from + legitimate servers. + + Users themselves control another aspect of AFS security, by determining who has access to the directories they own. For + any directory a user owns, he or she can build an access control list (ACL) that grants or denies access to the contents of + the directory. An access control list pairs specific users with specific types of access privileges. There are seven separate + permissions and up to twenty different people or groups of people can appear on an access control list. + + For a more detailed description of AFS's mutual authentication procedure, see A More Detailed + Look at Mutual Authentication. For further discussion of ACLs, see Managing Access Control + Lists. + + + + + More Detailed Discussions of Some Basic Concepts + + The previous section offered a brief overview of the many concepts that an AFS system administrator needs to understand. + The following sections examine some important concepts in more detail. Although not all concepts are new to an experienced + administrator, reading this section helps ensure a common understanding of term and concepts. + + + Networks + + + network + + defined + + + A network is a collection of interconnected computers able to communicate with each other and + transfer information back and forth. + + A networked computing environment contrasts with two types of computing environments: mainframe and + personal. + network + + as computing environment + + environment + + types compared + + + A mainframe computing environment is the most traditional. It uses a single powerful computer + (the mainframe) to do the majority of the work in the system, both file storage and computation. It serves many users, + who access their files and issue commands to the mainframe via terminals, which generally have only enough computing + power to accept input from a keyboard and to display data on the screen. + + + mainframe + + computing environment + + + + + A personal computing environment is a single small computer that serves one (or, at the most, + a few) users. Like a mainframe computer, the single computer stores all the files and performs all computation. Like a + terminal, the personal computer provides access to the computer through a keyboard and screen. + + + personal + + computing environment + + + + + A network can connect computers of any kind, but the typical network running AFS connects high-function personal + workstations. Each workstation has some computing power and local disk space, usually more than a personal computer or + terminal, but less than a mainframe. For more about the classes of machines used in an AFS environment, see Servers and Clients. + + + + Distributed File Systems + + + file system + + defined + + + + distributed file system + + + A file system is a collection of files and the facilities (programs and commands) that enable users + to access the information in the files. All computing environments have file systems. In a mainframe environment, the file + system consists of all the files on the mainframe's storage disks, whereas in a personal computing environment it consists of + the files on the computer's local disk. + + Networked computing environments often use distributed file systems like AFS. A distributed file + system takes advantage of the interconnected nature of the network by storing files on more than one computer in the network + and making them accessible to all of them. In other words, the responsibility for file storage and delivery is "distributed" + among multiple machines instead of relying on only one. Despite the distribution of responsibility, a distributed file system + like AFS creates the illusion that there is a single filespace. + + + + Servers and Clients + + + server/client model + + + + server + + definition + + + + client + + definition + + + AFS uses a server/client model. In general, a server is a machine, or a process running on a machine, that provides + specialized services to other machines. A client is a machine or process that makes use of a server's specialized service + during the course of its own work, which is often of a more general nature than the server's. The functional distinction + between clients and server is not always strict, however--a server can be considered the client of another server whose + service it is using. + + AFS divides the machines on a network into two basic classes, file server machines and + client machines, and assigns different tasks and responsibilities to each. + + + File Server Machines + + + file server machine + + + + server + + process + + definition + + + File server machines store the files in the distributed file system, and a server + process running on the file server machine delivers and receives files. AFS file server machines run a number of + server processes. Each process has a special function, such as maintaining databases important to AFS + administration, managing security or handling volumes. This modular design enables each server process to specialize in one + area, and thus perform more efficiently. For a description of the function of each AFS server process, see AFS Server Processes and the Cache Manager. + + + Not all AFS server machines must run all of the server processes. Some processes run on only a few machines because the + demand for their services is low. Other processes run on only one machine in order to act as a synchronization site. See The Four Roles for File Server Machines. + + + Client Machines + + + client + + machine + + definition + + + The other class of machines are the client machines, which generally work directly for users, + providing computational power and other general purpose tools. Clients also provide users with access to the files stored on + the file server machines. Clients do not run any special processes per se, but do use a modified kernel that enables them to + communicate with the AFS server processes running on the file server machines and to cache files. This collection of kernel + modifications is referred to as the Cache Manager; see The Cache Manager. There are usually + many more client machines in a cell than file server machines. + + + + Client and Server Configuration + + + personal + + workstation + + as typical AFS machine + + + In the most typical AFS configuration, both file server machines and client machines are high-function workstations + with disk drives. While this configuration is not required, it does have some advantages. + + + There are several advantages to using personal workstations as file server machines. One is that it is easy to expand + the network by adding another file server machine. It is also easy to increase storage space by adding disks to existing + machines. Using workstations rather than more powerful mainframes makes it more economical to use multiple file server + machines rather than one. Multiple file server machines provide an increase in system availability and reliability if popular + files are available on more than one machine. + + The advantage of using workstations as clients is that caching on the local disk speeds the delivery of files to + application programs. (For an explanation of caching, see Caching and Callbacks.) Diskless + machines can access AFS if they are running NFS(R) and the NFS/AFS Translator, an optional component of the AFS + distribution. + + + + Cells + + + cell + + + A cell is an independently administered site running AFS. In terms of hardware, it consists of a + collection of file server machines and client machines defined as belonging to the cell; a machine can only belong to one cell + at a time. Users also belong to a cell in the sense of having an account in it, but unlike machines can belong to (have an + account in) multiple cells. To say that a cell is administratively independent means that its administrators determine many + details of its configuration without having to consult administrators in other cells or a central authority. For example, a + cell administrator determines how many machines of different types to run, where to put files in the local tree, how to + associate volumes and directories, and how much space to allocate to each user. + + The terms local cell and home cell are equivalent, and refer to the cell in + which a user has initially authenticated during a session, by logging onto a machine that belongs to that cell. All other + cells are referred to as foreign from the user's perspective. In other words, throughout a login session, + a user is accessing the filespace through a single Cache Manager--the one on the machine to which he or she initially logged + in--whose cell membership defines the local cell. All other cells are considered foreign during that login session, even if + the user authenticates in additional cells or uses the cd command to change directories into + their file trees. + + + local cell + + + + cell + + local + + + + foreign cell + + + + cell + + foreign + + + It is possible to maintain more than one cell at a single geographical location. For instance, separate departments on a + university campus or in a corporation can choose to administer their own cells. It is also possible to have machines at + geographically distant sites belong to the same cell; only limits on the speed of network communication determine how + practical this is. + + Despite their independence, AFS cells generally agree to make their local filespace visible to other AFS cells, so that + users in different cells can share files if they choose. If your cell is to participate in the "global" AFS namespace, it must + comply with a few basic conventions governing how the local filespace is configured and how the addresses of certain file + server machines are advertised to the outside world. + + + + The Uniform Namespace and Transparent Access + + + transparent access as AFS feature + + + + access + + transparent (AFS feature) + + + One of the features that makes AFS easy to use is that it provides transparent access to the files in a cell's + filespace. Users do not have to know which file server machine stores a file in order to access it; they simply provide the + file's pathname, which AFS automatically translates into a machine location. + + In addition to transparent access, AFS also creates a uniform namespace--a file's pathname is + identical regardless of which client machine the user is working on. The cell's file tree looks the same when viewed from any + client because the cell's file server machines store all the files centrally and present them in an identical manner to all + clients. + + To enable the transparent access and the uniform namespace features, the system administrator must follow a few simple + conventions in configuring client machines and file trees. For details, see Making Other Cells Visible + in Your Cell. + + + + Volumes + + + volume + + definition + + + A volume is a conceptual container for a set of related files that keeps them all together on one + file server machine partition. Volumes can vary in size, but are (by definition) smaller than a partition. Volumes are the + main administrative unit in AFS, and have several characteristics that make administrative tasks easier and help improve + overall system performance. + + The relatively small size of volumes makes them easy to move from one partition to another, or even between + machines. + + + + You can maintain maximum system efficiency by moving volumes to keep the load balanced evenly among the different + machines. If a partition becomes full, the small size of individual volumes makes it easy to find enough room on other + machines for them. + + + volume + + in load balancing + + + + + Each volume corresponds logically to a directory in the file tree and keeps together, on a single partition, all + the data that makes up the files in the directory. By maintaining (for example) a separate volume for each user's home + directory, you keep all of the user's files together, but separate from those of other users. This is an administrative + convenience that is impossible if the partition is the smallest unit of storage. + + + volume + + correspondence with directory + + + + directory + + correspondence with volume + + + + correspondence + + of volumes and directories + + + + + The directory/volume correspondence also makes transparent file access possible, because it simplifies the process + of file location. All files in a directory reside together in one volume and in order to find a file, a file server + process need only know the name of the file's parent directory, information which is included in the file's pathname. + AFS knows how to translate the directory name into a volume name, and automatically tracks every volume's location, even + when a volume is moved from machine to machine. For more about the directory/volume correspondence, see Mount Points. + + + + Volumes increase file availability through replication and backup. + + + volume + + as unit of + + replication + + + + volume + + as unit of + + backup + + + + + Replication (placing copies of a volume on more than one file server machine) makes the contents more reliably + available; for details, see Replication. Entire sets of volumes can be backed up to tape + and restored to the file system; see Configuring the AFS Backup System and Backing Up and Restoring AFS Data. In AFS, backup also refers to recording the state of a + volume at a certain time and then storing it (either on tape or elsewhere in the file system) for recovery in the event + files in it are accidentally deleted or changed. See Creating Backup Volumes. + + + + Volumes are the unit of resource management. A space quota associated with each volume sets a limit on the maximum + volume size. See Setting and Displaying Volume Quota and Current Size. + + + volume + + as unit of + + resource management + + + + + + + Mount Points + + + mount point + + definition + + + The previous section discussed how each volume corresponds logically to a directory in the file system: the volume keeps + together on one partition all the data in the files residing in the directory. The directory that corresponds to a volume is + called its root directory, and the mechanism that associates the directory and volume is called a + mount point. A mount point is similar to a symbolic link in the file tree that specifies which volume + contains the files kept in a directory. A mount point is not an actual symbolic link; its internal structure is + different. + + + You must not create a symbolic link to a file whose name begins with the number sign (#) or the percent sign (%), + because the Cache Manager interprets such a link as a mount point to a regular or read/write volume, respectively. + + + + root directory + + + + directory + + root + + + + volume + + root directory of + + + + volume + + mounting + + + The use of mount points means that many of the elements in an AFS file tree that look and function just like standard + UNIX file system directories are actually mount points. In form, a mount point is a one-line file that names the volume + containing the data for files in the directory. When the Cache Manager (see The Cache Manager) + encounters a mount point--for example, in the course of interpreting a pathname--it looks in the volume named in the mount + point. In the volume the Cache Manager finds an actual UNIX-style directory element--the volume's root directory--that lists + the files contained in the directory/volume. The next element in the pathname appears in that list. + + A volume is said to be mounted at the point in the file tree where there is a mount point pointing + to the volume. A volume's contents are not visible or accessible unless it is mounted. + + + + Replication + + + replication + + definition + + + + clone + + + Replication refers to making a copy, or clone, of a source read/write volume + and then placing the copy on one or more additional file server machines in a cell. One benefit of replicating a volume is + that it increases the availability of the contents. If one file server machine housing the volume fails, users can still + access the volume on a different machine. No one machine need become overburdened with requests for a popular file, either, + because the file is available from several machines. + + Replication is not necessarily appropriate for cells with limited disk space, nor are all types of volumes equally + suitable for replication (replication is most appropriate for volumes that contain popular files that do not change very + often). For more details, see When to Replicate Volumes. + + + + Caching and Callbacks + + + caching + + + Just as replication increases system availability, caching increases the speed and efficiency of + file access in AFS. Each AFS client machine dedicates a portion of its local disk or memory to a cache where it stores data + temporarily. Whenever an application program (such as a text editor) running on a client machine requests data from an AFS + file, the request passes through the Cache Manager. The Cache Manager is a portion of the client machine's kernel that + translates file requests from local application programs into cross-network requests to the File Server + process running on the file server machine storing the file. When the Cache Manager receives the requested data + from the File Server, it stores it in the cache and then passes it on to the application program. + + Caching improves the speed of data delivery to application programs in the following ways: + + + + When the application program repeatedly asks for data from the same file, it is already on the local disk. The + application does not have to wait for the Cache Manager to request and receive the data from the File Server. + + + + Caching data eliminates the need for repeated request and transfer of the same data, so network traffic is reduced. + Thus, initial requests and other traffic can get through more quickly. + + + AFS + + reducing traffic in + + + + network + + reducing traffic through caching + + + + slowed performance + + preventing in AFS + + + + + + callback + + + + consistency guarantees + + cached data + + + While caching provides many advantages, it also creates the problem of maintaining consistency among the many cached + copies of a file and the source version of a file. This problem is solved using a mechanism referred to as a + callback. + + A callback is a promise by a File Server to a Cache Manager to inform the latter when a change is made to any of the + data delivered by the File Server. Callbacks are used differently based on the type of file delivered by the File Server: + + + When a File Server delivers a writable copy of a file (from a read/write volume) to the Cache Manager, the File + Server sends along a callback with that file. If the source version of the file is changed by another user, the File + Server breaks the callback associated with the cached version of that file--indicating to the Cache Manager that it + needs to update the cached copy. + + + + When a File Server delivers a file from a read-only volume to the Cache Manager, the File Server sends along a + callback associated with the entire volume (so it does not need to send any more callbacks when it delivers additional + files from the volume). Only a single callback is required per accessed read-only volume because files in a read-only + volume can change only when a new version of the complete volume is released. All callbacks associated with the old + version of the volume are broken at release time. + + + + The callback mechanism ensures that the Cache Manager always requests the most up-to-date version of a file. However, it + does not ensure that the user necessarily notices the most current version as soon as the Cache Manager has it. That depends + on how often the application program requests additional data from the File System or how often it checks with the Cache + Manager. + + + + + AFS Server Processes and the Cache Manager + + + AFS + + server processes used in + + + + server + + process + + list of AFS + + + As mentioned in Servers and Clients, AFS file server machines run a number of processes, + each with a specialized function. One of the main responsibilities of a system administrator is to make sure that processes are + running correctly as much of the time as possible, using the administrative services that the server processes provide. + + The following list briefly describes the function of each server process and the Cache Manager; the following sections + then discuss the important features in more detail. + + The File Server, the most fundamental of the servers, delivers data files from the file server + machine to local workstations as requested, and stores the files again when the user saves any changes to the files. + + The Basic OverSeer Server (BOS Server) ensures that the other server processes on its server machine + are running correctly as much of the time as possible, since a server is useful only if it is available. The BOS Server relieves + system administrators of much of the responsibility for overseeing system operations. + + The Authentication Server helps ensure that communications on the network are secure. It verifies + user identities at login and provides the facilities through which participants in transactions prove their identities to one + another (mutually authenticate). It maintains the Authentication Database. + + The Protection Server helps users control who has access to their files and directories. Users can grant access to several + other users at once by putting them all in a group entry in the Protection Database maintained by the Protection Server. + + The Volume Server performs all types of volume manipulation. It helps the administrator move volumes + from one server machine to another to balance the workload among the various machines. + + The Volume Location Server (VL Server) maintains the Volume Location Database (VLDB), in which it + records the location of volumes as they move from file server machine to file server machine. This service is the key to + transparent file access for users. + + The Update Server distributes new versions of AFS server process software and configuration + information to all file server machines. It is crucial to stable system performance that all server machines run the same + software. + + The Backup Server maintains the Backup Database, in which it stores information related to the Backup + System. It enables the administrator to back up data from volumes to tape. The data can then be restored from tape in the event + that it is lost from the file system. + + The Salvager is not a server in the sense that others are. It runs only after the File Server or + Volume Server fails; it repairs any inconsistencies caused by the failure. The system administrator can invoke it directly if + necessary. + + The Network Time Protocol Daemon (NTPD) is not an AFS server process per se, but plays a vital role + nonetheless. It synchronizes the internal clock on a file server machine with those on other machines. Synchronized clocks are + particularly important for correct functioning of the AFS distributed database technology (known as Ubik); see Configuring the Cell for Proper Ubik Operation. The NTPD is controlled by the runntp process. + + The Cache Manager is the one component in this list that resides on AFS client rather than file + server machines. It not a process per se, but rather a part of the kernel on AFS client machines that communicates with AFS + server processes. Its main responsibilities are to retrieve files for application programs running on the client and to maintain + the files in the cache. + + + The File Server + + + File Server + + description + + + The File Server is the most fundamental of the AFS server processes and runs on each file server + machine. It provides the same services across the network that the UNIX file system provides on the local disk: + + Delivering programs and data files to client workstations as requested and storing them again when the client + workstation finishes with them. + + + + Maintaining the hierarchical directory structure that users create to organize their files. + + + + Handling requests for copying, moving, creating, and deleting files and directories. + + + + Keeping track of status information about each file and directory (including its size and latest modification + time). + + + + Making sure that users are authorized to perform the actions they request on particular files or + directories. + + + + Creating symbolic and hard links between files. + + + + Granting advisory locks (corresponding to UNIX locks) on request. + + + + + + The Basic OverSeer Server + + + BOS Server + + description + + + The Basic OverSeer Server (BOS Server) reduces the demands on system administrators by constantly + monitoring the processes running on its file server machine. It can restart failed processes automatically and provides a + convenient interface for administrative tasks. + + The BOS Server runs on every file server machine. Its primary function is to minimize system outages. It also + + + + Constantly monitors the other server processes (on the local machine) to make sure they are running + correctly. + + + + Automatically restarts failed processes, without contacting a human operator. When restarting multiple server + processes simultaneously, the BOS server takes interdependencies into account and initiates restarts in the correct + order. + + + system outages + + reducing + + + + outages + + BOS Server role in, + + + + + Accepts requests from the system administrator. Common reasons to contact BOS are to verify the status of server + processes on file server machines, install and start new processes, stop processes either temporarily or permanently, and + restart dead processes manually. + + + + Helps system administrators to manage system configuration information. The BOS server automates the process of + adding and changing server encryption keys, which are important in mutual authentication. The BOS + Server also provides a simple interface for modifying two files that contain information about privileged users and + certain special file server machines. For more details about these configuration files, see Common + Configuration Files in the /usr/afs/etc Directory. + + + + + + The Authentication Server + + + Authentication Server + + description + + + The Authentication Server performs two main functions related to network security: + + Verifying the identity of users as they log into the system by requiring that they provide a password. The + Authentication Server grants the user a token as proof to AFS server processes that the user has authenticated. For more + on tokens, see Complex Mutual Authentication. + + + + Providing the means through which server and client processes prove their identities to each other (mutually + authenticate). This helps to create a secure environment in which to send cross-network messages. + + + + In fulfilling these duties, the Authentication Server utilizes algorithms and other procedures known as + Kerberos (which is why many commands used to contact the Authentication Server begin with the letter + k). This technology was originally developed by the Massachusetts Institute of Technology's + Project Athena. + + The Authentication Server also maintains the Authentication Database, in which it stores user + passwords converted into encryption key form as well as the AFS server encryption key. To learn more about the procedures AFS + uses to verify user identity and during mutual authentication, see A More Detailed Look at Mutual + Authentication. + + + AFS + + + + AFS UID + + + + username + + use by Kerberos + + + + UNIX + + UID + + functional difference from AFS UID + + + + Kerberos + + use of usernames + + + + + The Protection Server + + + protection + + in AFS + + + + Protection Server + + description + + + + protection + + in UNIX + + + The Protection Server is the key to AFS's refinement of the normal UNIX methods for protecting + files and directories from unauthorized use. The refinements include the following: + + Defining seven access permissions rather than the standard UNIX file system's three. In conjunction with the UNIX + mode bits associated with each file and directory element, AFS associates an access control list + (ACL) with each directory. The ACL specifies which users have which of the seven specific permissions for the + directory and all the files it contains. For a definition of AFS's seven access permissions and how users can set them + on access control lists, see Managing Access Control Lists. + + + access + + + + ACL + + + + + Enabling users to grant permissions to numerous individual users--a different combination to each individual if + desired. UNIX protection distinguishes only between three user or groups: the owner of the file, members of a single + specified group, and everyone who can access the local file system. + + + + Enabling users to define their own groups of users, recorded in the Protection Database + maintained by the Protection Server. The groups then appear on directories' access control lists as though they were + individuals, which enables the granting of permissions to many users simultaneously. + + + + Enabling system administrators to create groups containing client machine IP addresses to permit access when it + originates from the specified client machines. These types of groups are useful when it is necessary to adhere to + machine-based licensing restrictions. + + + + + group + + definition + + + + Protection Database + + + The Protection Server's main duty is to help the File Server determine if a user is authorized to access a file in the + requested manner. The Protection Server creates a list of all the groups to which the user belongs. The File Server then + compares this list to the ACL associated with the file's parent directory. A user thus acquires access both as an individual + and as a member of any groups. + + The Protection Server also maps usernames (the name typed at the login prompt) to AFS user ID + numbers (AFS UIDs). These UIDs are functionally equivalent to UNIX UIDs, but operate in the domain of AFS + rather than in the UNIX file system on a machine's local disk. This conversion service is essential because the tokens that + the Authentication Server grants to authenticated users are stamped with usernames (to comply with Kerberos standards). The + AFS server processes identify users by AFS UID, not by username. Before they can understand whom the token represents, they + need the Protection Server to translate the username into an AFS UID. For further discussion of tokens, see A More Detailed Look at Mutual Authentication. + + + + The Volume Server + + + Volume Server + + description + + + The Volume Server provides the interface through which you create, delete, move, and replicate + volumes, as well as prepare them for archiving to tape or other media (backing up). Volumes + explained the advantages gained by storing files in volumes. Creating and deleting volumes are necessary when adding and + removing users from the system; volume moves are done for load balancing; and replication enables volume placement on multiple + file server machines (for more on replication, see Replication). + + + + The Volume Location (VL) Server + + + VL Server + + description + + + + VLDB + + + The VL Server maintains a complete list of volume locations in the Volume Location + Database (VLDB). When the Cache Manager (see The Cache Manager) begins to fill a + file request from an application program, it first contacts the VL Server in order to learn which file server machine + currently houses the volume containing the file. The Cache Manager then requests the file from the File Server process running + on that file server machine. + + The VLDB and VL Server make it possible for AFS to take advantage of the increased system availability gained by using + multiple file server machines, because the Cache Manager knows where to find a particular file. Indeed, in a certain sense the + VL Server is the keystone of the entire file system--when the information in the VLDB is inaccessible, the Cache Manager + cannot retrieve files, even if the File Server processes are working properly. A list of the information stored in the VLDB + about each volume is provided in Volume Information in the VLDB. + + + VL Server + + importance to transparent access + + + + + The Update Server + + + Update Server + + description + + + The Update Server helps guarantee that all file server machines are running the same version of a + server process. System performance can be inconsistent if some machines are running one version of the BOS Server (for + example) and other machines were running another version. + + To ensure that all machines run the same version of a process, install new software on a single file server machine of + each system type, called the binary distribution machine for that type. The binary distribution machine + runs the server portion of the Update Server, whereas all the other machines of that type run the client portion of the Update + Server. The client portions check frequently with the server portion to see if they are running the right + version of every process; if not, the client portion retrieves the right version from the binary + distribution machine and installs it locally. The system administrator does not need to remember to install new software + individually on all the file server machines: the Update Server does it automatically. For more on binary distribution + machines, see Binary Distribution Machines. + + + Update Server + + server portion + + + + Update Server + + client portion + + + In cells that run the United States edition of AFS, the Update Server also distributes configuration files that all file + server machines need to store on their local disks (for a description of the contents and purpose of these files, see Common Configuration Files in the /usr/afs/etc Directory). As with server process software, the need + for consistent system performance demands that all the machines have the same version of these files. With the United States + edition, the system administrator needs to make changes to these files on one machine only, the cell's system + control machine, which runs a server portion of the Update Server. All other machines in the cell run a client + portion that accesses the correct versions of these configuration files from the system control machine. Cells running the + international edition of AFS do not use a system control machine to distribute configuration files. For more information, see + The System Control Machine. + + + + The Backup Server + + + Backup System + + Backup Server described + + + + Backup Server + + description + + + The Backup Server maintains the information in the Backup Database. The Backup + Server and the Backup Database enable administrators to back up data from AFS volumes to tape and restore it from tape to the + file system if necessary. The server and database together are referred to as the Backup System. + + Administrators initially configure the Backup System by defining sets of volumes to be dumped together and the schedule + by which the sets are to be dumped. They also install the system's tape drives and define the drives' Tape + Coordinators, which are the processes that control the tape drives. + + Once the Backup System is configured, user and system data can be dumped from volumes to tape. In the event that data is + ever lost from the system (for example, if a system or disk failure causes data to be lost), administrators can restore the + data from tape. If tapes are periodically archived, or saved, data can also be restored to its state at a specific time. + Additionally, because Backup System data is difficult to reproduce, the Backup Database itself can be backed up to tape and + restored if it ever becomes corrupted. For more information on configuring and using the Backup System, see Configuring the AFS Backup System and Backing Up and Restoring AFS + Data. + + + + The Salvager + + + Salvager + + description + + + The Salvager differs from other AFS Servers in that it runs only at selected times. The BOS Server + invokes the Salvager when the File Server, Volume Server, or both fail. The Salvager attempts to repair disk corruption that + can result from a failure. + + As a system administrator, you can also invoke the Salvager as necessary, even if the File Server or Volume Server has + not failed. See Salvaging Volumes. + + + + The Network Time Protocol Daemon + + + ntpd + + description + + + The Network Time Protocol Daemon (NTPD) is not an AFS server process per se, but plays an important + role. It helps guarantee that all of the file server machines agree on the time. The NTPD on one file server machine acts as a + synchronization site, generally learning the correct time from a source outside the cell. The NTPDs on the other file server + machines refer to the synchronization site to set the internal clocks on their machines. + + Keeping clocks synchronized is particularly important to the correct operation of AFS's distributed database technology, + which coordinates the copies of the Authentication, Backup, Protection, and Volume Location Databases; see Replicating the OpenAFS Administrative Databases. Client machines also refer to these clocks for the + correct time; therefore, it is less confusing if all file server machines have the same time. For more technical detail about + the NTPD, see The runntp Process. + + + + The Cache Manager + + + Cache Manager + + functions of + + + As already mentioned in Caching and Callbacks, the Cache Manager is + the one component in this section that resides on client machines rather than on file server machines. It is not technically a + stand-alone process, but rather a set of extensions or modifications in the client machine's kernel that enable communication + with the server processes running on server machines. Its main duty is to translate file requests (made by application + programs on client machines) into remote procedure calls (RPCs) to the File Server. (The Cache Manager + first contacts the VL Server to find out which File Server currently houses the volume that contains a requested file, as + mentioned in The Volume Location (VL) Server). When the Cache Manager receives the requested + file, it caches it before passing data on to the application program. + + The Cache Manager also tracks the state of files in its cache compared to the version at the File Server by storing the + callbacks sent by the File Server. When the File Server breaks a callback, indicating that a file or volume changed, the Cache + Manager requests a copy of the new version before providing more data to application programs. + + + \ No newline at end of file Index: openafs/doc/xml/AdminGuide/auagd007.xml diff -c /dev/null openafs/doc/xml/AdminGuide/auagd007.xml:1.1.8.3 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/AdminGuide/auagd007.xml Wed May 13 22:25:59 2009 *************** *** 0 **** --- 1,4101 ---- + + + Issues in Cell Configuration and Administration + + This chapter discusses many of the issues to consider when configuring and administering a cell, and directs you to detailed + related information available elsewhere in this guide. It is assumed you are already familiar with the material in An Overview of OpenAFS Administration. + + It is best to read this chapter before installing your cell's first file server machine or performing any other + administrative task. + + + AFS + + differences from UNIX summarized + + + + UNIX + + differences from AFS summarized + + + + differences + + between AFS and UNIX, summarized + + + + Differences between AFS and UNIX: A Summary + + AFS behaves like a standard UNIX file system in most respects, while also making file sharing easy within and between + cells. This section describes some differences between AFS and the UNIX file system, referring you to more detailed information + as appropriate. + + + protection + + AFS compared to UNIX + + + + Differences in File and Directory Protection + + AFS augments the standard UNIX file protection mechanism in two ways: it associates an access control list + (ACL) with each directory, and it enables users to define a large number of their own groups, which can be placed + on ACLs. + + AFS uses ACLs to protect files and directories, rather than relying exclusively on the mode bits. This has several + implications, which are discussed further in the indicated sections: + + AFS ACLs use seven access permissions rather than the three UNIX mode bits. See The AFS + ACL Permissions. + + + + For directories, AFS ignores the UNIX mode bits. For files, AFS uses only the first set of mode bits (the + owner bits) , and their meaning interacts with permissions on the directory's ACL. See + How AFS Interprets the UNIX Mode Bits. + + + + A directory's ACL protects all of the files in a directory in the same manner. To apply a more restrictive set of + AFS permissions to certain file, place it in directory with a different ACL. + + + + Moving a file to a different directory changes its protection. See Differences Between + UFS and AFS Data Protection. + + + + An ACL can include about 20 entries granting different combinations of permissions to different users or groups, + rather than only the three UNIX entities represented by the three sets of mode bits. See Differences Between UFS and AFS Data Protection. + + + + You can designate an AFS file as write-only as in the UNIX file system, by setting only the w (write) mode bit. You cannot designate an AFS directory as + write-only, because AFS ignores the mode bits on a directory. See How AFS Interprets the UNIX + Mode Bits. + + + + AFS enables users to define the groups of other users. Placing these groups on ACLs extends the same permissions to a + number of exactly specified users at the same time, which is much more convenient than placing the individuals on the ACLs + directly. See Administering the Protection Database. + + There are also system-defined groups, system:anyuser and system:authuser, whose presence on an ACL extends access to a wide range of users at once. See The System Groups and Using Groups on ACLs. + + + authentication + + AFS compared to UNIX + + + + password + + AFS compared to UNIX + + + + + Differences in Authentication + + Just as the AFS filespace is distinct from each machine's local file system, AFS authentication is separate from local + login. This has two practical implications, which are discussed further in Using an AFS-modified login + Utility. + + To access AFS files, users must both log into the local machine's UNIX file system and authenticate with the AFS + authentication service. (Logging into the local UNIX file system is necessary because the AFS filespace is accessed + through the Cache Manager, which resides in the local machine's kernel.) + + AFS provides a modified login utility for each system type that accomplishes both local login and AFS + authentication in one step, based on a single password. If you choose not to use the AFS-modified login utility, your + users must login and authenticate in separate steps, as detailed in the OpenAFS User Guide. + + + + Passwords are stored in two separate places: the Authentication Database for AFS and each machine's local password + file (/etc/passwd or equivalent) for the UNIX file system. A user's passwords in the + two places can differ if desired, though the resulting behavior depends on whether and how the cell is using an + AFS-modified login utility. + + + + + + Differences in the Semantics of Standard UNIX Commands + + This section summarizes how AFS modifies the functionality of some UNIX commands. + + chmod command + + AFS compared to UNIX + + + + commands + + chmod (AFS compared to UNIX) + + + + setuid programs + + setting mode bits + + + + The chmod command + + + Only members of the system:administrators group can use this command to turn on + the setuid, setgid or sticky mode bits on AFS files. For more information, see Determining if + a Client Can Run Setuid Programs. + + + chown command + + AFS compared to UNIX + + + + commands + + chown (AFS compared to UNIX) + + + + + + The chown command + + + Only members of the system:administrators group can issue this command on AFS + files. + + + chgrp command + + AFS compared to UNIX + + + + commands + + chgrp (AFS compared to UNIX) + + + + + + The chgrp command + + + Only members of the system:administrators can issue this command on AFS files + and directories. + + + ftpd command + + AFS compared to UNIX + + + + commands + + ftpd (AFS compared to UNIX) + + + + + + The ftpd daemon + + + The AFS-modified version of this daemon attempts to authenticate remote issuers of the ftp command with the local AFS authentication service. See Using UNIX + Remote Services in the AFS Environment. + + + groups command + + AFS compared to UNIX + + + + commands + + groups (AFS compared to UNIX) + + + + + + The groups command + + + If the user's AFS tokens are associated with a process authentication group (PAG), the output of this command + sometimes includes two large numbers. To learn about PAGs, see Identifying AFS Tokens by + PAG. + + + inetd command + + AFS compared to UNIX + + + + commands + + inetd (AFS compared to UNIX) + + + + + + The inetd daemon + + + The AFS-modified version of this daemon authenticates remote issuers of the AFS-modified rcp and rsh commands with the local AFS authentication + service. See Using UNIX Remote Services in the AFS Environment. + + + + + The login utility + + + AFS-modified login utilities both log the issuer into the local file system and authenticate the user with the + AFS authentication service. See Using an AFS-modified login Utility. + + + ln command + + AFS compared to UNIX + + + + commands + + ln (AFS compared to UNIX) + + + + + + The ln command + + + This command cannot create hard links between files in different AFS directories. See Creating Hard Links. + + + rcp command + + AFS compared to UNIX + + + + commands + + rcp (AFS compared to UNIX) + + + + + + The rcp command + + + The AFS-modified version of this command enables the issuer to access files on the remote machine as an + authenticated AFS user. See Using UNIX Remote Services in the AFS Environment. + + + rlogind command + + AFS compared to UNIX + + + + commands + + rlogind (AFS compared to UNIX) + + + + + + The rlogind daemon + + + The AFS-modified version of this daemon authenticates remote issuers of the rlogin command with the local AFS authentication service. See Using + UNIX Remote Services in the AFS Environment. + + The AFS distribution for some system types possibly does not include a modified rlogind program. See the OpenAFS Release Notes. + + + rsh command + + AFS compared to UNIX + + + + commands + + rsh (AFS compared to UNIX) + + + + + + The remsh or rsh command + + + The AFS-modified version of this command enables the issuer to execute commands on the remote machine as an + authenticated AFS user. See Using UNIX Remote Services in the AFS Environment. + + + + + + fsck command + + AFS compared to UNIX + + + + commands + + fsck (AFS compared to UNIX) + + + + fsck command + + AFS version + + + + commands + + fsck (AFS version) + + + + directories + + lost+found + + + + lost+found directory + + + + + The AFS version of the fsck Command + + Never run the standard UNIX fsck command on an AFS file server machine. It does not + understand how the File Server organizes volume data on disk, and so moves all AFS data into the lost+found directory on the partition. + + Instead, use the version of the fsck program that is included in the AFS distribution. + The OpenAFS Quick Beginnings explains how to replace the vendor-supplied fsck program with the AFS version as you install each server machine. + + The AFS version functions like the standard fsck program on data stored on both UFS and + AFS partitions. The appearance of a banner like the following as the fsck program initializes + confirms that you are running the correct one: + + + --- AFS (R) version fsck--- + + + where version is the AFS version. For correct results, it must match the AFS version of the server + binaries in use on the machine. + + If you ever accidentally run the standard version of the program, contact AFS Product Support immediately. It is + sometimes possible to recover volume data from the lost+found directory. + + + hard link + + AFS restrictions on + + + + restrictions + + on hard links in AFS + + + + + Creating Hard Links + + AFS does not allow hard links (created with the UNIX ln command) between files that + reside in different directories, because in that case it is unclear which of the directory's ACLs to associate with the + link. + + AFS also does not allow hard links to directories, in order to keep the file system organized as a tree. + + It is possible to create symbolic links (with the UNIX ln -s command) between elements + in two different AFS directories, or even between an element in AFS and one in a machine's local UNIX file system. Do not + create a symbolic link to a file whose name begins with either a number sign (#) or a percent + sign (%), however. The Cache Manager interprets such links as a mount point to a regular or + read/write volume, respectively. + + + fsync system call + + for files saved on AFS client + + + + close system call + + for files saved on AFS client + + + + write + + system call for files saved on AFS client + + + + + AFS Implements Save on Close + + When an application issues the UNIX close system call on a file, the Cache Manager + performs a synchronous write of the data to the File Server that maintains the central copy of the file. It does not return + control to the application until the File Server has acknowledged receipt of the data. For the fsync system call, control does not return to the application until the File Server indicates that it + has written the data to non-volatile storage on the file server machine. + + When an application issues the UNIX write system call, the Cache Manager writes + modifications to the local AFS client cache only. If the local machine crashes or an application program exits without issuing + the close system call, it is possible that the modifications are not recorded in the central + copy of the file maintained by the File Server. The Cache Manager does sometimes write this type of modified data from the + cache to the File Server without receiving the close or fsync system call, for example if it needs to free cache chunks for new data. However, it is not + generally possible to predict when the Cache Manager transfers modified data to the File Server in this way. + + The implication is that if an application's Save option invokes the write system call rather than close or fsync, the changes are not necessarily stored permanently on the File Server machine. Most application + programs issue the close system call for save operations, as well as when they finish + handling a file and when they exit. + + + + Setuid Programs + + + setuid programs + + restrictions on + + + Set the UNIX setuid bit only for the local superuser root; this does not present an + automatic security risk: the local superuser has no special privilege in AFS, but only in the local machine's UNIX file system + and kernel. + + Any file can be marked with the setuid bit, but only members of the system:administrators group can issue the chown system call or the + /etc/chown command. + + The fs setcell command determines whether setuid programs that originate in a foreign + cell can run on a given client machine. See Determining if a Client Can Run Setuid + Programs. + + + cell + + name + + choosing + + + + choosing + + name + + cell + + + + conventions + + cell name + + + + Internet + + conventions for cell name + + + + + + Choosing a Cell Name + + This section explains how to choose a cell name and explains why choosing an appropriate cell name is important. + + Your cell name must distinguish your cell from all others in the AFS global namespace. By conventions, the cell name is + the second element in any AFS pathname; therefore, a unique cell name guarantees that every AFS pathname uniquely identifies a + file, even if cells use the same directory names at lower levels in their local AFS filespace. For example, both the ABC + Corporation cell and the State University cell can have a home directory for the user pat, + because the pathnames are distinct: /afs/abc.com/usr/pat and /afs/stateu.edu/usr/pat. + + By convention, cell names follow the ARPA Internet Domain System conventions for site names. If you are already an + Internet site, then it is simplest to choose your Internet domain name as the cellname. + + If you are not an Internet site, it is best to choose a unique Internet-style name, particularly if you plan to connect to + the Internet in the future. AFS Product Support is available for help in selecting an appropriate name. There are a few + constraints on AFS cell names: + + It can contain as many as 64 characters, but shorter names are better because the cell name frequently is part of + machine and file names. If your cell name is long, you can reduce pathname length by creating a symbolic link to the + complete cell name, at the second level in your file tree. See The Second (Cellname) + Level. + + + + To guarantee it is suitable for different operating system types, the cell name can contain only lowercase + characters, numbers, underscores, dashes, and periods. Do not include command shell metacharacters. + + + + It can include any number of fields, which are conventionally separated by periods (see the examples below). + + + + It must end in a suffix that indicates the type of institution it is, or the country in which it is situated. The + following are some of the standard suffixes: + + .com + + + For businesses and other commercial organizations. Example: abc.com for the + ABC Corporation cell. + + + + + .edu + + + For educational institutions such as universities. Example: stateu.edu for + the State University cell. + + + + + .gov + + + For United States government institutions. + + + + + .mil + + + For United States military installations. + + + + + + + + Internet + + Network Information Center + + + + Network Information Center (for Internet) + + + Other suffixes are available if none of these are appropriate. You can learn about suffixes by calling the Defense Data + Network [Internet] Network Information Center in the United States at (800) 235-3155. The NIC can also provide you with the + forms necessary for registering your cell name as an Internet domain name. Registering your name prevents another Internet site + from adopting the name later. + + + setting + + cell name + + + + cell + + name + + setting + + + + server machine + + setting home cell + + + + client machine + + setting home cell + + + + How to Set the Cell Name + + The cell name is recorded in two files on the local disk of each file server and client machine. Among other functions, + these files define the machine's cell membership and so affect how programs and processes run on the machine; see Why Choosing the Appropriate Cell Name is Important. The procedure for setting the cell name is + different for the two types of machines. + + For file server machines, the two files that record the cell name are the /usr/afs/etc/ThisCell and /usr/afs/etc/CellServDB files. As described + more explicitly in the OpenAFS Quick Beginnings, you set the cell name in both by issuing the bos setcellname command on the first file server machine you install in your cell. It is not usually + necessary to issue the command again. If you run the United States edition of AFS and use the Update Server, it distributes + its copy of the ThisCell and CellServDB files to additional + server machines that you install. If you use the international edition of AFS, the OpenAFS Quick + Beginnings explains how to copy the files manually. + + For client machines, the two files that record the cell name are the /usr/vice/etc/ThisCell and /usr/vice/etc/CellServDB files. You create + these files on a per-client basis, either with a text editor or by copying them onto the machine from a central source in AFS. + See Maintaining Knowledge of Database Server Machines for details. + + Change the cell name in these files only when you want to transfer the machine to a different cell (it can only belong + to one cell at a time). If the machine is a file server, follow the complete set of instructions in the OpenAFS + Quick Beginnings for configuring a new cell. If the machine is a client, all you need to do is change the files + appropriately and reboot the machine. The next section explains further the negative consequences of changing the name of an + existing cell. + + To set the default cell name used by most AFS commands without changing the local /usr/vice/etc/ThisCell file, set the AFSCELL environment variable in the command shell. It is worth + setting this variable if you need to complete significant administrative work in a foreign cell. + + + The fs checkservers and fs mkmount commands do not + use the AFSCELL variable. The fs checkservers command always defaults to the cell named in + the ThisCell file, unless the -cell argument is used. The + fs mkmount command defaults to the cell in which the parent directory of the new mount + point resides. + + + + ThisCell file (client) + + how used by programs + + + + + Why Choosing the Appropriate Cell Name is Important + + Take care to select a cell name that is suitable for long-term use. Changing a cell name later is complicated. An + appropriate cell name is important because it is the second element in the pathname of all files in a cell's file tree. + Because each cell name is unique, its presence in an AFS pathname makes the pathname unique in the AFS global namespace, even + if multiple cells use similar filespace organization at lower levels. For instance, it means that every cell can have a home + directory called /afs/cellname/usr/pat without causing a conflict. The presence of the cell name in pathnames also means that users + in every cell use the same pathname to access a file, whether the file resides in their local cell or in a foreign + cell. + + Another reason to choose the correct cell name early in the process of installing your cell is that the cell membership + defined in each machine's ThisCell file affects the performance of many programs and + processes running on the machine. For instance, AFS commands (fs, kas, pts and vos commands) by default + execute in the cell of the machine on which they are issued. The command interpreters check the ThisCell file on the local disk and then contact the database server machines listed in the CellServDB file for the indicated cell (the bos commands work + differently because the issuer always has to name of the machine on which to run the command). + + The ThisCell file also determines the cell for which a user receives an AFS token when + he or she logs in to a machine. The cell name also plays a role in security. As it converts a user password into an encryption + key for storage in the Authentication Database, the Authentication Server combines the password with the cell name found in + the ThisCell file. AFS-modified login utilities use the same algorithm to convert the user's + password into an encryption key before contacting the Authentication Server to obtain a token for the user. (For a description + of how AFS's security system uses encryption keys, see A More Detailed Look at Mutual + Authentication.) + + This method of converting passwords into encryption keys means that the same password results in different keys in + different cells. Even if a user uses the same password in multiple cells, obtaining a user's token from one cell does not + enable unauthorized access to the user's account in another cell. + + If you change the cell name, you must change the ThisCell and CellServDB files on every server and client machine. Failure to change them all can prevent login, + because the encryption keys produced by the login utility do not match the keys stored in the Authentication Database. In + addition, many commands from the AFS suites do not work as expected. + + + participation + + in AFS global namespace + + + + AFS + + global namespace + + + + global namespace + + + + + + Participating in the AFS Global Namespace + + Participating in the AFS global namespace makes your cell's local file tree visible to AFS users in foreign cells and + makes other cells' file trees visible to your local users. It makes file sharing across cells just as easy as sharing within a + cell. This section outlines the procedures necessary for participating in the global namespace. + + Participation in the global namespace is not mandatory. Some cells use AFS primarily to facilitate file sharing + within the cell, and are not interested in providing their users with access to foreign cells. + + + + Making your file tree visible does not mean making it vulnerable. You control how foreign users access your cell + using the same protection mechanisms that control local users' access. See Granting and Denying + Foreign Users Access to Your Cell. + + + + The two aspects of participation are independent. A cell can make its file tree visible without allowing its users + to see foreign cells' file trees, or can enable its users to see other file trees without advertising its own. + + + + You make your cell visible to others by advertising your database server machines. See Making Your Cell Visible to Others. + + + + You control access to foreign cells on a per-client machine basis. In other words, it is possible to make a foreign + cell accessible from one client machine in your cell but not another. See Making Other Cells + Visible in Your Cell. + + + + + conventions + + AFS pathnames + + + + AFS + + root directory (/afs) + + on client machine + + + + directories + + /afs + + + + directories + + /afs/cellname + + + + cell + + name + + at second level in file tree + + + + What the Global Namespace Looks Like + + The AFS global namespace appears the same to all AFS cells that participate in it, because they all agree to follow a + small set of conventions in constructing pathnames. + + The first convention is that all AFS pathnames begin with the string /afs to indicate + that they belong to the AFS global namespace. + + The second convention is that the cell name is the second element in an AFS pathname; it indicates where the file + resides (that is, the cell in which a file server machine houses the file). As noted, the presence of a cell name in pathnames + makes the global namespace possible, because it guarantees that all AFS pathnames are unique even if cells use the same + directory names at lower levels in their AFS filespace. + + What appears at the third and lower levels in an AFS pathname depends on how a cell has chosen to arrange its filespace. + There are some suggested conventional directories at the third level; see The Third + Level. + + + cell + + making local visible to foreign + + + + local cell + + making visible to foreign cells + + + + foreign cell + + making local cell visible + + + + + Making Your Cell Visible to Others + + You make your cell visible to others by advertising your cell name and database server machines. Just like client + machines in the local cell, the Cache Manager on machines in foreign cells use the information to reach your cell's Volume + Location (VL) Servers when they need volume and file location information. Similarly, client-side authentication programs + running in foreign cells use the information to contact your cell's authentication service. + + There are two places you can make this information available: + + files + + global CellServDB + + + + CellServDB file maintained by AFS Product Support + + as global update source + + + + In the global CellServDB file maintained by the AFS Product Support group. This + file lists the name and database server machines of every cell that has agreed to make this information available to + other cells. + + To add or change your cell's listing in this file, have the official support contact at your site call or write to + AFS Product Support. Changes to the file are frequent enough that AFS Product Support does not announce each one. It is + a good policy to check the file for changes on a regular schedule. + + + files + + CellServDB.local + + + + CellServDB.local file + + + + + A file called CellServDB.local in the /afs/cellname/service/etc directory + of your cell's filespace. List only your cell's database server machines. + + + + Update the files whenever you change the identity of your cell's database server machines. Also update the copies of the + CellServDB files on all of your server machines (in the /usr/afs/etc directory) and client machines (in the /usr/vice/etc + directory). For instructions, see Maintaining the Server CellServDB File and Maintaining Knowledge of Database Server Machines. + + Once you have advertised your database server machines, it can be difficult to make your cell invisible again. You can + remove the CellServDB.local file and ask AFS Product Support to remove your entry from the + global CellServDB file, but other cells probably have an entry for your cell in their local + CellServDB files already. To make those entries invalid, you must change the names or IP + addresses of your database server machines. + + Your cell does not have to be invisible to be inaccessible, however. To make your cell completely inaccessible to + foreign users, remove the system:anyuser group from all ACLs at the top three levels of your + filespace; see Granting and Denying Foreign Users Access to Your Cell. + + + cell + + making foreign visible to local + + + + local cell + + making foreign cells visible in + + + + foreign cell + + making visible in local cell + + + + client machine + + making foreign cell visible + + + + + Making Other Cells Visible in Your Cell + + To make a foreign cell's filespace visible on a client machine in your cell, perform the following three steps: + + + Mount the cell's root.cell volume at the second level in your cell's filespace + just below the /afs directory. Use the fs mkmount + command with the -cell argument as instructed in To create a + cellular mount point. + + + + Mount AFS at the /afs directory on the client machine. The afsd program, which initializes the Cache Manager, performs the mount automatically at the + directory named in the first field of the local /usr/vice/etc/cacheinfo file or by the + command's -mountdir argument. Mounting AFS at an alternate location makes it impossible + to reach the filespace of any cell that mounts its root.afs and root.cell volumes at the conventional locations. See Displaying and + Setting the Cache Size and Location. + + + + Create an entry for the cell in the list of database server machines which the Cache Manager maintains in kernel + memory. + + The /usr/vice/etc/CellServDB file on every client machine's local disk lists the + database server machines for the local and foreign cells. The afsd program reads the + contents of the CellServDB file into kernel memory as it initializes the Cache Manager. + You can also use the fs newcell command to add or alter entries in kernel memory + directly between reboots of the machine. See Maintaining Knowledge of Database Server + Machines. + + + + Note that making a foreign cell visible to client machines does not guarantee that your users can access its filespace. + The ACLs in the foreign cell must also grant them the necessary permissions. + + + cell + + granting local access to foreign users + + + + local cell + + granting foreign users access to + + + + + Granting and Denying Foreign Users Access to Your Cell + + Making your cell visible in the AFS global namespace does not take away your control over the way in which users from + foreign cells access your file tree. + + By default, foreign users access your cell as the user anonymous, which means they have + only the permissions granted to the system:anyuser group on each directory's ACL. Normally + these permissions are limited to the l (lookup) and + r (read) permissions. + + There are two ways to grant wider access to foreign users: + + Grant additional permissions to the system:anyuser group on certain ACLs. Keep in + mind, however, that all users can then access that directory in the indicated way (not just specific foreign users you + have in mind). + + + + Create a local authentication account for specific foreign users, by creating entries in the Protection and + Authentication Databases and local password file. It is not possible to place foreign usernames on ACLs, nor to + authenticate in a foreign cell without having an account in it. + + + + + cell + + filespace configuration issues + + + + configuring + + filespace, issues + + + + file tree + + conventions + + for configuring + + + + + + Configuring Your AFS Filespace + + This section summarizes the issues to consider when configuring your AFS filespace. For a discussion of creating volumes + that correspond most efficiently to the filespace's directory structure, see Creating Volumes to + Simplify Administration. + + + For Windows users: Windows uses a backslash (\) rather + than a forward slash (/) to separate the elements in a pathname. The hierarchical + organization of the filespace is however the same as on a UNIX machine. + + + AFS pathnames must follow a few conventions so the AFS global namespace looks the same from any AFS client machine. There + are corresponding conventions to follow in building your file tree, not just because pathnames reflect the structure of a file + tree, but also because the AFS Cache Manager expects a certain configuration. + + + AFS + + root directory (/afs) + + in cell filespace + + + + directories + + /afs + + + + The Top /afs Level + + The first convention is that the top level in your file tree be called the /afs + directory. If you name it something else, then you must use the -mountdir argument with the + afsd program to get Cache Managers to mount AFS properly. You cannot participate in the AFS + global namespace in that case. + + + cell + + name + + at second level in file tree + + + + directories + + /afs/cellname + + + + symbolic link + + at second level of AFS pathname + + + + + The Second (Cellname) Level + + The second convention is that just below the /afs directory you place directories + corresponding to each cell whose file tree is visible and accessible from the local cell. Minimally, there must be a directory + for the local cell. Each such directory is a mount point to the indicated cell's root.cell + volume. For example, in the ABC Corporation cell, /afs/abc.com is a mount point for the + cell's own root.cell volume and stateu.edu is a mount point + for the State University cell's root.cell volume. The fs + lsmount command displays the mount points. + + + % fs lsmount /afs/abc.com + '/afs/abc.com' is a mount point for volume '#root.cell' + % fs lsmount /afs/stateu.edu + '/afs/stateu.edu' is a mount point for volume '#stateu.edu:root.cell' + + + To reduce the amount of typing necessary in pathnames, you can create a symbolic link with an abbreviated name to the + mount point of each cell your users frequently access (particularly the home cell). In the ABC Corporation cell, for instance, + /afs/abc is a symbolic link to the /afs/abc.com mount point, + as the fs lsmount command reveals. + + + % fs lsmount /afs/abc + '/afs/abc' is a symbolic link, leading to a mount point for volume '#root.cell' + + + + file tree + + conventions + + third level + + + + directories + + conventional under /afs/cellname + + + + + The Third Level + + You can organize the third level of your cell's file tree any way you wish. The following list describes directories + that appear at this level in the conventional configuration: + + common + + + This directory contains programs and files needed by users working on machines of all system types, such as text + editors, online documentation files, and so on. Its /etc subdirectory is a logical + place to keep the central update sources for files used on all of your cell's client machines, such as the ThisCell and CellServDB files. + + + + + public + + + A directory accessible to anyone who can access your filespace, because its ACL grants the l (lookup) and r (read) permissions to the system:anyuser group. It is useful if + you want to enable your users to make selected information available to everyone, but do not want to grant foreign + users access to the contents of the usr directory which houses user home directories + (and is also at this level). It is conventional to create a subdirectory for each of your cell's users. + + + + + service + + + This directory contains files and subdirectories that help cells coordinate resource sharing. For a list of the + proposed standard files and subdirectories to create, call or write to AFS Product Support. + + As an example, files that other cells expect to find in this directory's etc + subdirectory can include the following: + + CellServDB.export, a list of database server machines for many + cells + + + + CellServDB.local, a list of the cell's own database server + machines + + + + passwd, a copy of the local password file (/etc/passwd or equivalent) kept on the local disk of the cell's client machines + + + + group, a copy of the local groups file (/etc/group or equivalent) kept on the local disk of the cell's client machines + + + + + + + sys_type + + + A separate directory for storing the server and client binaries for each system type you use in the cell. + Configuration is simplest if you use the system type names assigned in the AFS distribution, particularly if you wish + to use the @sys variable in pathnames (see Using the @sys + Variable in Pathnames). The OpenAFS Release Notes lists the conventional name for each + supported system type. + + Within each such directory, create directories named bin, etc, usr, and so on, to store the programs normally kept in + the /bin, /etc and /usr directories on a local disk. Then create symbolic links from the local directories on + client machines into AFS; see Configuring the Local Disk. Even if you do not choose to + use symbolic links in this way, it can be convenient to have central copies of system binaries in AFS. If binaries are + accidentally removed from a machine, you can recopy them onto the local disk from AFS rather than having to recover + them from tape + + + + + usr + + + This directory contains home directories for your local users. As discussed in the previous entry for the + public directory, it is often practical to protect this directory so that only + locally authenticated users can access it. This keeps the contents of your user's home directories as secure as + possible. + + If your cell is quite large, directory lookup can be slowed if you put all home directories in a single + usr directory. For suggestions on distributing user home directories among multiple + grouping directories, see Grouping Home Directories. + + + + + wsadmin + + + This directory contains prototype, configuration and library files for use with the package program. See Configuring Client Machines with the package + Program. + + + + + + volume name + + conventions for + + + + conventions + + volume names + + + + volume + + separate for each top level directory + + + + file tree + + creating volumes to match top level directories + + + + + + Creating Volumes to Simplify Administration + + This section discusses how to create volumes in ways that make administering your system easier. + + At the top levels of your file tree (at least through the third level), each directory generally corresponds to a separate + volume. Some cells also configure the subdirectories of some third level directories as separate volumes. Common examples are + the /afs/cellname/common and + /afs/cellname/usr + directories. + + You do not have to create a separate volume for every directory level in a tree, but the advantage is that each volume + tends to be smaller and easier to move for load balancing. The overhead for a mount point is no greater than for a standard + directory, nor does the volume structure itself require much disk space. Most cells find that below the fourth level in the + tree, using a separate volume for each directory is no longer efficient. For instance, while each user's home directory (at the + fourth level in the tree) corresponds to a separate volume, all of the subdirectories in the home directory normally reside in + the same volume. + + Keep in mind that only one volume can be mounted at a given directory location in the tree. In contrast, a volume can be + mounted at several locations, though this is not recommended because it distorts the hierarchical nature of the file tree, + potentially causing confusion. + + + volume name + + restrictions + + + + restrictions + + on volume names + + + + volume name + + two required + + + + volume + + root (root.afs and root.cell) + + + + root volumes (root.afs and root.cell) + + + + Assigning Volume Names + + You can name your volumes anything you choose, subject to a few restrictions: + + Read/write volume names can be up to 22 characters in length. The maximum length for volume names is 31 + characters, and there must be room to add the .readonly extension on read-only + volumes. + + + + Do not add the .readonly and .backup extensions + to volume names yourself, even if they are appropriate. The Volume Server adds them automatically as it creates a + read-only or backup version of a volume. + + + + There must be volumes named root.afs and root.cell, mounted respectively at the top (/afs) level in the + filespace and just below that level, at the cell's name (for example, at /afs/abc.com + in the ABC Corporation cell). + + Deviating from these names only creates confusion and extra work. Changing the name of the root.afs volume, for instance, means that you must use the -rootvol argument to the afsd program on every client machine, + to name the alternate volume. + + Similarly, changing the root.cell volume name prevents users in foreign cells + from accessing your filespace, if the mount point for your cell in their filespace refers to the conventional root.cell name. Of course, this is one way to make your cell invisible to other cells. + + + + It is best to assign volume names that indicate the type of data they contain, and to use similar names for volumes with + similar contents. It is also helpful if the volume name is similar to (or at least has elements in common with) the name of + the directory at which it is mounted. Understanding the pattern then enables you accurately to guess what a volume contains + and where it is mounted. + + Many cells find that the most effective volume naming scheme puts a common prefix on the names of all related volumes. + Table 1 describes the recommended prefixing scheme. + + + Suggested volume prefixes + + + + + + + + + + + + + Prefix + + Contents + + Example Name + + Example Mount Point + + + + + + common. + + popular programs and files + + common.etc + + /afs/cellname/common/etc + + + + src. + + source code + + src.afs + + /afs/cellname/src/afs + + + + proj. + + project data + + proj.portafs + + /afs/cellname/proj/portafs + + + + test. + + testing or other temporary data + + test.smith + + /afs/cellname/usr/smith/test + + + + user. + + user home directory data + + user.terry + + /afs/cellname/usr/terry + + + + sys_type. + + programs compiled for an operating system type + + rs_aix42.bin + + /afs/cellname/rs_aix42/bin + + + +
+ + Table 2 is a more specific example for a cell's rs_aix42 system volumes and directories: + + + Example volume-prefixing scheme + + + + + + + + + + + + + Example Name + + Example Mount Point + + + + + + rs_aix42.bin + + /afs/cellname/rs_aix42/bin, /afs/cellname/rs_aix42/bin + + + + rs_aix42.etc + + /afs/cellname/rs_aix42/etc + + + + rs_aix42.usr + + /afs/cellname/rs_aix42/usr + + + + rs_aix42.usr.afsws + + /afs/cellname/rs_aix42/usr/afsws + + + + rs_aix42.usr.lib + + /afs/cellname/rs_aix42/usr/lib + + + + rs_aix42.usr.bin + + /afs/cellname/rs_aix42/usr/bin + + + + rs_aix42.usr.etc + + /afs/cellname/rs_aix42/usr/etc + + + + rs_aix42.usr.inc + + /afs/cellname/rs_aix42/usr/inc + + + + rs_aix42.usr.man + + /afs/cellname/rs_aix42/usr/man + + + + rs_aix42.usr.sys + + /afs/cellname/rs_aix42/usr/sys + + + + rs_aix42.usr.local + + /afs/cellname/rs_aix42/usr/local + + + +
+ + There are several advantages to this scheme: + + The volume name is similar to the mount point name in the filespace. In all of the entries in Table 2, for example, the only difference between the volume and mount point name is + that the former uses periods as separators and the latter uses slashes. Another advantage is that the volume name + indicates the contents, or at least suggests the directory on which to issue the ls + command to learn the contents. + + + + It makes it easy to manipulate groups of related volumes at one time. In particular, the vos + backupsys command's -prefix argument enables you to create a backup version + of every volume whose name starts with the same string of characters. Making a backup version of each volume is one of + the first steps in backing up a volume with the AFS Backup System, and doing it for many volumes with one command saves + you a good deal of typing. For instructions for creating backup volumes, see Creating Backup + Volumes, For information on the AFS Backup System, see Configuring the AFS Backup + System and Backing Up and Restoring AFS Data. + + + + It makes it easy to group related volumes together on a partition. Grouping related volumes together has several + advantages of its own, discussed in Grouping Related Volumes on a Partition. + + + + + volume + + grouping related on same partition + + + + disk partition + + grouping related volumes on + + + + + Grouping Related Volumes on a Partition + + If your cell is large enough to make it practical, consider grouping related volumes together on a partition. In + general, you need at least three file server machines for volume grouping to be effective. Grouping has several advantages, + which are most obvious when the file server machine becomes inaccessible: + + If you keep a hardcopy record of the volumes on a partition, you know which volumes are unavailable. You can keep + such a record without grouping related volumes, but a list composed of unrelated volumes is much harder to maintain. + Note that the record must be on paper, because the outage can prevent you from accessing an online copy or from issuing + the vos listvol command, which gives you the same information. + + + + The effect of an outage is more localized. For example, if all of the binaries for a given system type are on one + partition, then only users of that system type are affected. If a partition houses binary volumes from several system + types, then an outage can affect more people, particularly if the binaries that remain available are interdependent with + those that are not available. + + + + The advantages of grouping related volumes on a partition do not necessarily extend to the grouping of all related + volumes on one file server machine. For instance, it is probably unwise in a cell with two file server machines to put all + system volumes on one machine and all user volumes on the other. An outage of either machine probably affects everyone. + + Admittedly, the need to move volumes for load balancing purposes can limit the practicality of grouping related volumes. + You need to weigh the complementary advantages case by case. + + + replication + + appropriate volumes + + + + volume + + type to replicate + + + + volume + + where to place replicated + + + + read-only volume + + selecting site + + + + + When to Replicate Volumes + + As discussed in Replication, replication refers to making a copy, or clone, of a + read/write source volume and then placing the copy on one or more additional file server machines. Replicating a volume can + increase the availability of the contents. If one file server machine housing the volume becomes inaccessible, users can still + access the copy of the volume stored on a different machine. No one machine is likely to become overburdened with requests for + a popular file, either, because the file is available from several machines. + + However, replication is not appropriate for all cells. If a cell does not have much disk space, replication can be + unduly expensive, because each clone not on the same partition as the read/write source takes up as much disk space as its + source volume did at the time the clone was made. Also, if you have only one file server machine, replication uses up disk + space without increasing availability. + + Replication is also not appropriate for volumes that change frequently. You must issue the vos + release command every time you need to update a read-only volume to reflect changes in its read/write + source. + + For both of these reasons, replication is appropriate only for popular volumes whose contents do not change very often, + such as system binaries and other volumes mounted at the upper levels of your filespace. User volumes usually exist only in a + read/write version since they change so often. + + If you are replicating any volumes, you must replicate the root.afs and root.cell volumes, preferably at two or three sites each (even if your cell only has two or three file + server machines). The Cache Manager needs to pass through the directories corresponding to the root.afs and root.cell volumes as it interprets any pathname. The + unavailability of these volumes makes all other volumes unavailable too, even if the file server machines storing the other + volumes are still functioning. + + Another reason to replicate the root.afs volume is that it can lessen the load on the + File Server machine. The Cache Manager has a bias to access a read-only version of the root.afs volume if it is replicate, which puts the Cache Manager onto the read-only + path through the AFS filespace. While on the read-only path, the Cache Manager attempts to access a read-only copy + of replicated volumes. The File Server needs to track only one callback per Cache Manager for all of the data in a read-only + volume, rather than the one callback per file it must track for read/write volumes. Fewer callbacks translate into a smaller + load on the File Server. + + If the root.afs volume is not replicated, the Cache Manager follows a read/write path + through the filespace, accessing the read/write version of each volume. The File Server distributes and tracks a separate + callback for each file in a read/write volume, imposing a greater load on it. + + For more on read/write and read-only paths, see The Rules of Mount Point + Traversal. + + It also makes sense to replicate system binary volumes in many cases, as well as the volume corresponding to the + /afs/cellname/usr directory and + the volumes corresponding to the /afs/cellname/common directory and its subdirectories. + + It is a good idea to place a replica on the same partition as the read/write source. In this case, the read-only volume + is a clone (like a backup volume): it is a copy of the source volume's vnode index, rather than a full copy of the volume + contents. Only if the read/write volume moves to another partition or changes substantially does the read-only volume consume + significant disk space. Read-only volumes kept on other partitions always consume the full amount of disk space that the + read/write source consumed when the read-only volume was created. + + + + The Default Quota and ACL on a New Volume + + Every AFS volume has associated with it a quota that limits the amount of disk space the volume is allowed to use. To + set and change quota, use the commands described in Setting and Displaying Volume Quota and Current + Size. + + By default, every new volume is assigned a space quota of 5000 KB blocks unless you include the -maxquota argument to the vos create command. Also by default, the ACL + on the root directory of every new volume grants all permissions to the members of the system:administrators group. To learn how to change these values when creating an account with + individual commands, see To create one user account with individual commands. When using + uss commands to create accounts, you can specify alternate ACL and quota values in the + template file's V instruction; see Creating a Volume with the V + Instruction. + + + server machine + + configuration issues + + + + configuring + + file server machine, issues + + + + roles for server machine + + summary + + + + server machine + + roles for + + summary + + + + server machine + + first installed + + + + + + Configuring Server Machines + + This section discusses some issues to consider when configuring server machines, which store AFS data, transfer it to + client machines on request, and house the AFS administrative databases. To learn about client machines, see Configuring Client Machines. + + If your cell has more than one AFS server machine, you can configure them to perform specialized functions. A machine can + assume one or more of the roles described in the following list. For more details, see The Four Roles + for File Server Machines. + + A simple file server machine runs only the processes that store and deliver AFS files to client + machines. You can run as many simple file server machines as you need to satisfy your cell's performance and disk space + requirements. + + + + A database server machine runs the four database server processes that maintain AFS's + replicated administrative databases: the Authentication, Backup, Protection, and Volume Location (VL) Server + processes. + + + + A binary distribution machine distributes the AFS server binaries for its system type to all + other server machines of that system type. + + + + The single system control machine distributes common server configuration files to all other + server machines in the cell, in a cell that runs the United States edition of AFS (cells that use the international + edition of AFS must not use the system control machine for this purpose). The machine conventionally also serves as the + time synchronization source for the cell, adjusting its clock according to a time source outside the cell. + + + + The OpenAFS Quick Beginnings explains how to configure your cell's first file server machine to + assume all four roles. The OpenAFS Quick Beginnings chapter on installing additional server machines also + explains how to configure them to perform one or more roles. + + + database server machine + + reason to run three + + + + distribution + + of databases + + + + databases, distributed + + + + distributed databases + + + + Replicating the OpenAFS Administrative Databases + + The AFS administrative databases are housed on database server machines and store information that is crucial for + correct cell functioning. Both server processes and Cache Managers access the information frequently: + + Every time a Cache Manager fetches a file from a directory that it has not previously accessed, it must look up + the file's location in the Volume Location Database (VLDB). + + + + Every time a user obtains an AFS token from the Authentication Server, the server looks up the user's password in + the Authentication Database. + + + + The first time that a user accesses a volume housed on a specific file server machine, the File Server contacts + the Protection Server for a list of the user's group memberships as recorded in the Protection Database. + + + + Every time you back up a volume using the AFS Backup System, the Backup Server creates records for it in the + Backup Database. + + + + Maintaining your cell is simplest if the first machine has the lowest IP address of any machine you plan to use as a + database server machine. If you later decide to use a machine with a lower IP address as a database server machine, you must + update the CellServDB file on all clients before introducing the new machine. + + If your cell has more than one server machine, it is best to run more than one as a database server machine (but more + than three are rarely necessary). Replicating the administrative databases in this way yields the same benefits as replicating + volumes: increased availability and reliability. If one database server machine or process stops functioning, the information + in the database is still available from others. The load of requests for database information is spread across multiple + machines, preventing any one from becoming overloaded. + + Unlike replicated volumes, however, replicated databases do change frequently. Consistent system performance demands + that all copies of the database always be identical, so it is not acceptable to record changes in only some of them. To + synchronize the copies of a database, the database server processes use AFS's distributed database technology, Ubik. See Replicating the OpenAFS Administrative Databases. + + If your cell has only one file server machine, it must also serve as a database server machine. If you cell has two file + server machines, it is not always advantageous to run both as database server machines. If a server, process, or network + failure interrupts communications between the database server processes on the two machines, it can become impossible to + update the information in the database because neither of them can alone elect itself as the synchronization site. + + + server machine + + protecting directories on local disk + + + + local disk + + protecting on file server machine + + + + + AFS Files on the Local Disk + + It is generally simplest to store the binaries for all AFS server processes in the /usr/afs/bin directory on every file server machine, even if some processes do not actively run on the + machine. This makes it easier to reconfigure a machine to fill a new role. + + For security reasons, the /usr/afs directory on a file server machine and all of its + subdirectories and files must be owned by the local superuser root and have only the first + w (write) mode bit turned on. Some files even have only the + first r (read) mode bit turned on (for example, the + /usr/afs/etc/KeyFile file, which lists the AFS server encryption keys). Each time the BOS + Server starts, it checks that the mode bits on certain files and directories match the expected values. For a list, see the + OpenAFS Quick Beginnings section about protecting sensitive AFS directories, or the discussion of the + output from the bos status command in To display the status of + server processes and their BosConfig entries. + + For a description of the contents of all AFS directories on a file server machine's local disk, see Administering Server Machines. + + + + Configuring Partitions to Store AFS Data + + The partitions that house AFS volumes on a file server machine must be mounted at directories named + + /vicepindex + + where index is one or two lowercase letters. By convention, the first AFS partition created is + mounted at the /vicepa directory, the second at the /vicepb + directory, and so on through the /vicepz directory. The names then continue with /vicepaa through /vicepaz, /vicepba + through /vicepbz, and so on, up to the maximum supported number of server partitions, which + is specified in the OpenAFS Release Notes. + + Each /vicepx directory must correspond to an entire partition or logical volume, and + must be a subdirectory of the root directory (/). It is not acceptable to configure part of (for example) the /usr partition as an AFS server partition and mount it on a directory called /usr/vicepa. + + Also, do not store non-AFS files on AFS server partitions. The File Server and Volume Server expect to have available + all of the space on the partition. Sharing space also creates competition between AFS and the local UNIX file system for + access to the partition, particularly if the UNIX files are frequently used. + + + server machine + + monitoring + + + + file server machine + + rebooting, about + + + + rebooting + + file server machine, limiting + + + + weekly restart of BOS Server (automatic) + + about + + + + restart times for BOS Server + + about + + + + + Monitoring, Rebooting and Automatic Process Restarts + + AFS provides several tools for monitoring the File Server, including the scout and + afsmonitor programs. You can configure them to alert you when certain threshold values are + exceeded, for example when a server partition is more than 95% full. See Monitoring and Auditing AFS + Performance. + + Rebooting a file server machine requires shutting down the AFS processes and so inevitably causes a service outage. + Reboot file server machines as infrequently as possible. For instructions, see Rebooting a Server + Machine. + + By default, the BOS Server on each file server machine stops and immediately restarts all AFS server processes on the + machine (including itself) once a week, at 4:00 a.m. on Sunday. This reduces the potential for the core leaks that can develop + as any process runs for an extended time. + + The BOS Server also checks each morning at 5:00 a.m. for any newly installed binary files in the /usr/afs/bin directory. It compares the timestamp on each binary file to the time at which the + corresponding process last restarted. If the timestamp on the binary is later, the BOS Server restarts the corresponding + process to start using it. + + The default times are in the early morning hours when the outage that results from restarting a process is likely to + disturb the fewest number of people. You can display the restart times for each machine with the bos + getrestart command, and set them with the bos setrestart command. The latter + command enables you to disable automatic restarts entirely, by setting the time to never. See + Setting the BOS Server's Restart Times. + + + client machine + + configuration issues + + + + configuring + + client machine, issues + + + + + + Configuring Client Machines + + This section summarizes issues to consider as you install and configure client machines in your cell. + + + client machine + + files required on local disk + + + + local disk + + files required on client machine + + + + file + + required on client machine local disk + + + + Configuring the Local Disk + + You can often free up significant amounts of local disk space on AFS client machines by storing standard UNIX files in + AFS and creating symbolic links to them from the local disk. The @sys pathname variable can + be useful in links to system-specific files; see Using the @sys Variable in Pathnames. + + There are two types of files that must actually reside on the local disk: boot sequence files needed before the + afsd program is invoked, and files that can be helpful during file server machine + outages. + + During a reboot, AFS is inaccessible until the afsd program executes and initializes + the Cache Manager. (In the conventional configuration, the AFS initialization file is included in the machine's initialization + sequence and invokes the afsd program.) Files needed during reboot prior to that point must + reside on the local disk. They include the following, but this list is not necessarily exhaustive. + + Standard UNIX utilities including the following or their equivalents: + + Machine initialization files (stored in the /etc or /sbin directory on many system types) + + + + The fstab file + + + + The mount command binary + + + + The umount command binary + + + + + + All subdirectories and files in the /usr/vice directory, including the following: + + + The /usr/vice/cache directory + + + + The /usr/vice/etc/afsd command binary + + + + The /usr/vice/etc/cacheinfo file + + + + The /usr/vice/etc/CellServDB file + + + + The /usr/vice/etc/ThisCell file + + + + For more information on these files, see Configuration and Cache-Related Files on the + Local Disk. + + + + The other type of files and programs to retain on the local disk are those you need when diagnosing and fixing problems + caused by a file server outage, because the outage can make inaccessible the copies stored in AFS. Examples include the + binaries for a text editor (such as ed or vi) and for the + fs and bos commands. Store copies of AFS command binaries in + the /usr/vice/etc directory as well as including them in the /usr/afsws directory, which is normally a link into AFS. Then place the /usr/afsws directory before the /usr/vice/etc directory in users' + PATH environment variable definition. When AFS is functioning normally, users access the copy in the /usr/afsws directory, which is more likely to be current than a local copy. + + You can automate the configuration of client machine local disks by using the package + program, which updates the contents of the local disk to match a configuration file. See Configuring + Client Machines with the package Program. + + + + Enabling Access to Foreign Cells + + + client machine + + enabling access to foreign cell + + + As detailed in Making Other Cells Visible in Your Cell, you enable the Cache Manager to + access a cell's AFS filespace by storing a list of the cell's database server machines in the local /usr/vice/etc/CellServDB file. The Cache Manager reads the list into kernel memory at reboot for faster + retrieval. You can change the list in kernel memory between reboots by using the fs newcell + command. It is often practical to store a central version of the CellServDB file in AFS and + use the package program periodically to update each client's version with the source copy. + See Maintaining Knowledge of Database Server Machines. + + Because each client machine maintains its own copy of the CellServDB file, you can in + theory enable access to different foreign cells on different client machines. This is not usually practical, however, + especially if users do not always work on the same machine. + + + at-sys (@sys) variable in pathnames + + + + sys (@sys) variable in pathnames + + + + variables + + @sys in pathnames + + + + + Using the @sys Variable in Pathnames + + When creating symbolic links into AFS on the local disk, it is often practical to use the @sys variable in pathnames. + The Cache Manager automatically substitutes the local machine's AFS system name (CPU/operating system type) for the @sys + variable. This means you can place the same links on machines of various system types and still have each machine access the + binaries for its system type. For example, the Cache Manager on a machine running AIX 4.2 converts /afs/abc.com/@sys to /afs/abc.com/rs_aix42, whereas a machine running + Solaris 7 converts it to /afs/abc.com/sun4x_57. + + If you want to use the @sys variable, it is simplest to use the conventional AFS system type names as specified in the + OpenAFS Release Notes. The Cache Manager records the local machine's system type name in kernel memory during initialization. + If you do not use the conventional names, you must use the fs sysname command to change the + value in kernel memory from its default just after Cache Manager initialization, on every client machine of the relevant + system type. The fs sysname command also displays the current value; see Displaying and Setting the System Type Name. + + In pathnames in the AFS filespace itself, use the @sys variable carefully and sparingly, because it can lead to + unexpected results. It is generally best to restrict its use to only one level in the filespace. The third level is a common + choice, because that is where many cells store the binaries for different machine types. + + Multiple instances of the @sys variable in a pathname are especially dangerous to people who must explicitly change + directories (with the cd command, for example) into directories that store binaries for + system types other than the machine on which they are working, such as administrators or developers who maintain those + directories. After changing directories, it is recommended that such people verify they are in the desired directory. + + + + Setting Server Preferences + + The Cache Manager stores a table of preferences for file server machines in kernel memory. A preference rank pairs a + file server machine interface's IP address with an integer in the range from 1 to 65,534. When it needs to access a file, the + Cache Manager compares the ranks for the interfaces of all machines that house the file, and first attempts to access the file + via the interface with the best rank. As it initializes, the Cache Manager sets default ranks that bias it to access files via + interfaces that are close to it in terms of network topology. You can adjust the preference ranks to improve performance if + you wish. + + The Cache Manager also uses similar preferences for Volume Location (VL) Server machines. Use the fs getserverprefs command to display preference ranks and the fs + setserverprefs command to set them. See Maintaining Server Preference Ranks. + + + user account + + configuration issues + + + + + + Configuring AFS User Accounts + + This section discusses some of the issues to consider when configuring AFS user accounts. Because AFS is separate from the + UNIX file system, a user's AFS account is separate from her UNIX account. + + The preferred method for creating a user account is with the uss suite of commands. With + a single command, you can create all the components of one or many accounts, after you have prepared a template file that guides + the account creation. See Creating and Deleting User Accounts with the uss Command Suite. + + Alternatively, you can issue the individual commands that create each component of an account. For instructions, along + with instructions for removing user accounts and changing user passwords, user volume quotas and usernames, see Administering User Accounts. + + When users leave your system, it is often good policy to remove their accounts. Instructions appear in Deleting Individual Accounts with the uss delete Command and Removing a User + Account. + + An AFS user account consists of the following components, which are described in greater detail in The Components of an AFS User Account. + + A Protection Database entry + + + + An Authentication Database entry + + + + A volume + + + + A home directory at which the volume is mounted + + + + Ownership of the home directory and full permissions on its ACL + + + + An entry in the local password file (/etc/passwd or equivalent) of each machine the + user needs to log into + + + + Optionally, standard files and subdirectories that make the account more useful + + + + By creating some components but not others, you can create accounts at different levels of functionality, using either + uss commands as described in Creating and Deleting User Accounts with + the uss Command Suite or individual commands as described in Administering User Accounts. + The levels of functionality include the following + + An authentication-only account enables the user to obtain AFS tokens and so to access protected AFS data and to + issue privileged commands. It consists only of entries in the Authentication and Protection Database. This type of account + is suitable for administrative accounts and for users from foreign cells who need to access protected data. Local users + generally also need a volume and home directory. + + + + A basic user account includes a volume for the user, in addition to Authentication and Protection Database entries. + The volume is mounted in the AFS filespace as the user's home directory, and provides a repository for the user's personal + files. + + + + A full account adds configuration files for basic functions such as logging in, printing, and mail delivery to a + basic account, making it more convenient and useful. For a discussion of some useful types of configuration files, see + Creating Standard Files in New AFS Accounts. + + + + If your users have UNIX user accounts that predate the introduction of AFS in the cell, you possibly want to convert them + into AFS accounts. There are three main issues to consider: + + Making UNIX and AFS UIDs match + + + + Setting the password field in the local password file appropriately + + + + Moving files from the UNIX file system into AFS + + + + For further discussion, see Converting Existing UNIX Accounts with uss or Converting Existing UNIX Accounts. + + + username + + choosing + + + + user + + name + + username + + + + choosing + + name + + user + + + + anonymous user + + AFS UID reserved + + + + AFS UID + + reserved + + anonymous user + + + + Choosing Usernames and Naming Other Account Components + + This section suggests schemes for choosing usernames, AFS UIDs, user volume names and mount point names, and also + outlines some restrictions on your choices. + + + Usernames + + AFS imposes very few restrictions on the form of usernames. It is best to keep usernames short, both because many + utilities and applications can handle usernames of no more than eight characters and because by convention many components + of and AFS account incorporate the name. These include the entries in the Protection and Authentication Databases, the + volume, and the mount point. Depending on your electronic mail delivery system, the username can become part of the user's + mailing address. The username is also the string that the user types when logging in to a client machine. + + + Some common choices for usernames are last names, first names, initials, or a combination, with numbers sometimes added. + It is also best to avoid using the following characters, many of which have special meanings to the command shell. + + + The comma (,) + + + + The colon (:), because AFS reserves it as a field separator in protection group + names; see The Two Types of User-Defined Groups + + + + The semicolon (;) + + + + The "at-sign" (@); this character is reserved for Internet mailing + addresses + + + + Spaces + + + + The newline character + + + + The period (.); it is conventional to use this character only in the special + username that an administrator adopts while performing privileged tasks, such as pat.admin + + + + + AFS UIDs and UNIX UIDs + + AFS associates a unique identification number, the AFS UID, with every username, recording the mapping in the user's + Protection Database entry. The AFS UID functions within AFS much as the UNIX UID does in the local file system: the AFS + server processes and the Cache Manager use it internally to identify a user, rather than the username. + + + Every AFS user also must have a UNIX UID recorded in the local password file (/etc/passwd or equivalent) of each client machine they log onto. Both administration and a user's AFS + access are simplest if the AFS UID and UNIX UID match. One important consequence of matching UIDs is that the owner reported + by the ls -l command matches the AFS username. + + It is usually best to allow the Protection Server to allocate the AFS UID as it creates the Protection Database entry. + However, both the pts createuser command and the uss + commands that create user accounts enable you to assign AFS UIDs explicitly. This is appropriate in two cases: + + You wish to group together the AFS UIDs of related users + + + + You are converting an existing UNIX account into an AFS account and want to make the AFS UID match the existing + UNIX UID + + + + After the Protection Server initializes for the first time on a cell's first file server machine, it starts assigning + AFS UIDs at a default value. To change the default before creating any user accounts, or at any time, use the pts setmax command to reset the max user id counter. To display the + counter, use the pts listmax command. See Displaying and Setting the + AFS UID and GID Counters. + + AFS reserves one AFS UID, 32766, for the user anonymous. The AFS server processes + assign this identity and AFS UID to any user who does not possess a token for the local cell. Do not assign this AFS UID to + any other user or hardcode its current value into any programs or a file's owner field, because it is subject to change in + future releases. + + + username + + part of volume name + + + + choosing + + name + + user volume + + + + User Volume Names + + Like any volume name, a user volume's base (read/write) name cannot exceed 22 characters in length or include the + .readonly or .backup extension. See Creating Volumes to Simplify Administration. By convention, user volume names have the format + user.username. Using the user. prefix not only makes it + easy to identify the volume's contents, but also to create a backup version of all user volumes by issuing a single + vos backupsys command. + + + + mount point + + choosing name for user volume + + + + choosing + + name + + user volume mount point + + + + Mount Point Names + + By convention, the mount point for a user's volume is named after the username. Many cells follow the convention of + mounting user volumes in the /afs/cellname/usr directory, as discussed in The Third Level. Very large cells + sometimes find that mounting all user volumes in the same directory slows directory lookup, however; for suggested + alternatives, see the following section. + + + + directories + + for grouping user home directories + + + + user account + + suggestions for grouping home directories + + + + + Grouping Home Directories + + Mounting user volumes in the /afs/cellname/usr directory is an AFS-appropriate variation on the standard UNIX practice of putting user home + directories under the /usr subdirectory. However, cells with more than a few hundred users + sometimes find that mounting all user volumes in a single directory results in slow directory lookup. The solution is to + distribute user volume mount points into several directories; there are a number of alternative methods to accomplish this. + + + Distribute user home directories into multiple directories that reflect organizational divisions, such as academic + or corporate departments. For example, a company can create group directories called usr/marketing, usr/research, usr/finance. A good feature of this scheme is that knowing a user's department is enough to find + the user's home directory. Also, it makes it easy to set the ACL to limit access to members of the department only. A + potential drawback arises if departments are of sufficiently unequal size that users in large departments experience + slower lookup than users in small departments. This scheme is also not appropriate in cells where users frequently + change between divisions. + + + + Distribute home directories into alphabetic subdirectories of the usr directory + (the usr/a subdirectory, the usr/b subdirectory, and + so on), based on the first letter of the username. If the cell is very large, create subdirectories under each letter + that correspond to the second letter in the user name. This scheme has the same advantages and disadvantages of a + department-based scheme. Anyone who knows the user's username can find the user's home directory, but users with names + that begin with popular letters sometimes experience slower lookup. + + + + Distribute home directories randomly but evenly into more than one grouping directory. One cell that uses this + scheme has over twenty such directories called the usr1 directory, the usr2 directory, and so on. This scheme is especially appropriate in cells where the other two + schemes do not seem feasible. It eliminates the potential problem of differences in lookup speed, because all + directories are about the same size. Its disadvantage is that there is no way to guess which directory a given user's + volume is mounted in, but a solution is to create a symbolic link in the regular usr + directory that references the actual mount point. For example, if user smith's volume + is mounted at the /afs/bigcell.com/usr17/smith directory, then the /afs/bigcell.com/usr/smith directory is a symbolic link to the ../usr17/smith directory. This way, if someone does not know which directory the user smith is in, he or she can access it through the link called usr/smith; people who do know the appropriate directory save lookup time by specifying it. + + + + For instructions on how to implement the various schemes when using the uss program to + create user accounts, see Evenly Distributing User Home Directories with the G Instruction and + Creating a Volume with the V Instruction. + + + + Making a Backup Version of User Volumes Available + + Mounting the backup version of a user's volume is a simple way to enable users themselves to restore data they have + accidentally removed or deleted. It is conventional to mount the backup version at a subdirectory of the user's home directory + (called perhaps the OldFiles subdirectory), but other schemes are possible. Once per day you + create a new backup version to capture the changes made that day, overwriting the previous day's backup version with the new + one. Users can always retrieve the previous day's copy of a file without your assistance, freeing you to deal with more + pressing tasks. + + Users sometimes want to delete the mount point to their backup volume, because they erroneously believe that the backup + volume's contents count against their quota. Remind them that the backup volume is separate, so the only space it uses in the + user volume is the amount needed for the mount point. + + For further discussion of backup volumes, see Backing Up AFS Data and Creating Backup Volumes. + + + file + + creating standard ones in new user account + + + + user account + + creating + + standard files in + + + + creating + + standard files in new user account + + + + + Creating Standard Files in New AFS Accounts + + From your experience as a UNIX administrator, you are probably familiar with the use of login and shell initialization + files (such as the .login and .cshrc files) to make an + account easier to use. + + It is often practical to add some AFS-specific directories to the definition of the user's PATH + environment variable, including the following: + + The path to a bin subdirectory in the user's home directory for binaries the user + has created (that is, /afs/cellname/usr/username/bin) + + + + The /usr/afsws/bin path, which conventionally includes programs like fs, klog, kpasswd, pts, tokens, and unlog + + + + The /usr/afsws/etc path, if the user is an administrator; it usually houses the + AFS command suites that require privilege (the backup, butc, kas, uss, vos commands), the package program, and others + + + + If you are not using an AFS-modified login utility, it can be helpful to users to invoke the klog command in their .login file so that they obtain AFS tokens as + part of logging in. In the following example command sequence, the first line echoes the string + klog to the standard output stream, so that the user understands the purpose of the + Password: prompt that appears when the second line is executed. The -setpag flag associates the new tokens with a process authentication group (PAG), which is discussed + further in Identifying AFS Tokens by PAG. + + + echo -n "klog " + klog -setpag + + + The following sequence of commands has a similar effect, except that the pagsh command + forks a new shell with which the PAG and tokens are associated. + + + pagsh + echo -n "klog " + klog + + + If you use an AFS-modified login utility, this sequence is not necessary, because such utilities both log a user in + locally and obtain AFS tokens. + + + group + + AFS GID + + + + group + + restrictions + + + + group + + privacy flags + + + + privacy flags on Protection Database entry + + + + + + Using AFS Protection Groups + + AFS enables users to define their own groups of other users or machines. The groups are placed on ACLs to grant the same + permissions to many users without listing each user individually. For group creation instructions, see Administering the Protection Database. + + Groups have AFS ID numbers, just as users do, but an AFS group ID (GID) is a negative integer whereas a user's AFS UID is + a positive integer. By default, the Protection Server allocates a new group's AFS GID automatically, but members of the + system:administrators group can assign a GID when issuing the pts + creategroup command. Before explicitly assigning a GID, it is best to verify that it is not already in use. + + A group cannot belong to another group, but it can own another group or even itself as long as it (the owning group) has + at least one member. The current owner of a group can transfer ownership of the group to another user or group, even without the + new owner's permission. At that point the former owner loses administrative control over the group. + + By default, each user can create 20 groups. A system administrator can increase or decrease this group creation quota with + the pts setfields command. + + Each Protection Database entry (group or user) is protected by a set of five privacy flagswhich limit who can administer + the entry and what they can do. The default privacy flags are fairly restrictive, especially for user entries. See Setting the Privacy Flags on Database Entries. + + + system:administrators group + + about + + + + system:anyuser group + + about + + + + system:authuser group + + about + + + + group + + system-defined + + + + The Three System Groups + + As the Protection Server initializes for the first time on a cell's first database server machine, it automatically + creates three group entries: the system:anyuser, system:authuser, and system:administrators groups. + + + AFS UID + + reserved + + system-defined groups + + + The first two system groups are unlike any other groups in the Protection Database in that they do not have a stable + membership: + + The system:anyuser group includes everyone who can access a cell's AFS filespace: + users who have tokens for the local cell, users who have logged in on a local AFS client machine but not obtained tokens + (such as the local superuser root), and users who have connected to a local machine + from outside the cell. Placing the system:anyuser group on an ACL grants access to the + widest possible range of users. It is the only way to extend access to users from foreign AFS cells that do not have + local accounts. + + + + The system:authuser group includes everyone who has a valid token obtained from + the cell's AFS authentication service. + + + + Because the groups do not have a stable membership, the pts membership command produces + no output for them. Similarly, they do not appear in the list of groups to which a user belongs. + + The system:administrators group does have a stable membership, consisting of the cell's + privileged administrators. Members of this group can issue any pts command, and are the only + ones who can issue several other restricted commands (such as the chown command on AFS + files). By default, they also implicitly have the a (administer) and l (lookup) + permissions on every ACL in the filespace. For information about changing this default, see Administering the system:administrators Group. + + For a discussion of how to use system groups effectively on ACLs, see Using Groups on + ACLs. + + + + The Two Types of User-Defined Groups + + All users can create regular groups. A regular group name has two fields separated by a colon, the first of which must + indicate the group's ownership. The Protection Server refuses to create or change the name of a group if the result does not + accurately indicate the ownership. + + Members of the system:administrators group can create prefix-less groups whose names do + not have the first field that indicates ownership. For suggestions on using the two types of groups effectively, see Using Groups Effectively. + + + authentication + + AFS separate from UNIX + + + + AFS + + authentication separate from UNIX + + + + + + Login and Authentication in AFS + + As explained in Differences in Authentication, AFS authentication is separate from UNIX + authentication because the two file systems are separate. The separation has two practical implications: + + To access AFS files, users must both log into the local file system and authenticate with the AFS authentication + service. (Logging into the local file system is necessary because the only way to access the AFS filespace is through a + Cache Manager, which resides in the local machine's kernel.) + + + + Passwords are stored in two separate places: in the Authentication Database for AFS and in the each machine's local + password file (the /etc/passwd file or equivalent) for the local file system. + + + + When a user successfully authenticates, the AFS authentication service passes a token to the user's Cache Manager. The + token is a small collection of data that certifies that the user has correctly provided the password associated with a + particular AFS identity. The Cache Manager presents the token to AFS server processes along with service requests, as proof that + the user is genuine. To learn about the mutual authentication procedure they use to establish identity, see A More Detailed Look at Mutual Authentication. + + The Cache Manager stores tokens in the user's credential structure in kernel memory. To distinguish one user's credential + structure from another's, the Cache Manager identifies each one either by the user's UNIX UID or by a process authentication + group (PAG), which is an identification number guaranteed to be unique in the cell. For further discussion, see Identifying AFS Tokens by PAG. + + + tokens + + one-per-cell rule + + + A user can have only one token per cell in each separately identified credential structure. To obtain a second token for + the same cell, the user must either log into a different machine or obtain another credential structure with a different + identifier than any existing credential structure, which is most easily accomplished by issuing the pagsh command (see Identifying AFS Tokens by PAG). In a single credential + structure, a user can have one token for each of many cells at the same time. As this implies, authentication status on one + machine or PAG is independent of authentication status on another machine or PAG, which can be very useful to a user or system + administrator. + + The AFS distribution includes library files that enable each system type's login utility to authenticate users with AFS + and log them into the local file system in one step. If you do not configure an AFS-modified login utility on a client machine, + its users must issue the klog command to authenticate with AFS after logging in. + + + The AFS-modified libraries do not necessarily support all features available in an operating system's proprietary login + utility. In some cases, it is not possible to support a utility at all. For more information about the supported utilities in + each AFS version, see the OpenAFS Release Notes. + + + + commands + + pagsh + + + + pagsh command + + + + commands + + klog with -setpag flag + + + + klog command + + with -setpag flag + + + + PAG + + creating with klog or pagsh command + + + + creating + + PAG with klog or pagsh command + + + + process authentication group + + + + PAG + + + + Identifying AFS Tokens by PAG + + As noted, the Cache Manager identifies user credential structures either by UNIX UID or by PAG. Using a PAG is + preferable because it guaranteed to be unique: the Cache Manager allocates it based on a counter that increments with each + use. In contrast, multiple users on a machine can share or assume the same UNIX UID, which creates potential security + problems. The following are two common such situations: + + The local superuser root can always assume any other user's UNIX UID simply by + issuing the su command, without providing the user's password. If the credential + structure is associated with the user's UNIX UID, then assuming the UID means inheriting the AFS tokens. + + + + Two users working on different NFS client machines can have the same UNIX UID in their respective local file + systems. If they both access the same NFS/AFS Translator machine, and the Cache Manager there identifies them by their + UNIX UID, they become indistinguishable. To eliminate this problem, the Cache Manager on a translator machine + automatically generates a PAG for each user and uses it, rather than the UNIX UID, to tell users apart. + + + + Yet another advantage of PAGs over UIDs is that processes spawned by the user inherit the PAG and so share the token; + thus they gain access to AFS as the authenticated user. In many environments, for example, printer and other daemons run under + identities (such as the local superuser root) that the AFS server processes recognize only as + the anonymous user. Unless PAGs are used, such daemons cannot access files for which the + system:anyuser group does not have the necessary ACL permissions. + + Once a user has a PAG, any new tokens the user obtains are associated with the PAG. The PAG expires two hours after any + associated tokens expire or are discarded. If the user issues the klog command before the PAG + expires, the new token is associated with the existing PAG (the PAG is said to be recycled in this case). + + AFS-modified login utilities automatically generate a PAG, as described in the following section. If you use a standard + login utility, your users must issue the pagsh command before the klog command, or include the latter command's -setpag flag. For + instructions, see Using Two-Step Login and Authentication. + + Users can also use either command at any time to create a new PAG. The difference between the two commands is that the + klog command replaces the PAG associated with the current command shell and tokens. The + pagsh command initializes a new command shell before creating a new PAG. If the user already + had a PAG, any running processes or jobs continue to use the tokens associated with the old PAG whereas any new jobs or + processes use the new PAG and its associated tokens. When you exit the new shell (by pressing <Ctrl-d>, for example), you return to the original PAG and shell. By default, the pagsh command initializes a Bourne shell, but you can include the -c + argument to initialize a C shell (the /bin/csh program on many system types) or Korn shell + (the /bin/ksh program) instead. + + + login utility + + AFS version + + + + + Using an AFS-modified login Utility + + As previously mentioned, an AFS-modified login utility simultaneously obtains an AFS token and logs the user into the + local file system. This section outlines the login and authentication process and its interaction with the value in the + password field of the local password file. + + An AFS-modified login utility performs a sequence of steps similar to the following; details can vary for different + operating systems: + + It checks the user's entry in the local password file (the /etc/passwd file or + equivalent). + + + + If no entry exists, or if an asterisk (*) appears in the entry's password field, + the login attempt fails. If the entry exists, the attempt proceeds to the next step. + + + + The utility obtains a PAG. + + + + The utility converts the password provided by the user into an encryption key and encrypts a + packet of data with the key. It sends the packet to the AFS authentication service (the AFS Authentication Server in the + conventional configuration). + + + + The authentication service decrypts the packet and, depending on the success of the decryption, judges the + password to be correct or incorrect. (For more details, see A More Detailed Look at Mutual + Authentication.) + + If the authentication service judges the password incorrect, the user does not receive an AFS token. The PAG + is retained, ready to be associated with any tokens obtained later. The attempt proceeds to Step 6. + + + + If the authentication service judges the password correct, it issues a token to the user as proof of AFS + authentication. The login utility logs the user into the local UNIX file system. Some login utilities echo the + following banner to the screen to alert the user to authentication with AFS. Step 6 + is skipped. + AFS(R) version Login + + + + + + + If no AFS token was granted in Step 4, the login utility + attempts to log the user into the local file system, by comparing the password provided to the local password file. + + + If the password is incorrect or any value other than an encrypted 13-character string appears in the + password field, the login attempt fails. + + + + If the password is correct, the user is logged into the local file system only. + + + + + + + local password file + + when using AFS--modified login utility + + + + login utility + + AFS version's interaction with local password file + + + + password + + local password file + + + As indicated, when you use an AFS-modified login utility, the password field in the local password file is no longer the + primary gate for access to your system. If the user provides the correct AFS password, then the program never consults the + local password file. However, you can still use the password field to control access, in the following way: + + To prevent both local login and AFS authentication, place an asterisk (*) in the + field. This is useful mainly in emergencies, when you want to prevent a certain user from logging into the + machine. + + + + To prevent login to the local file system if the user does not provide the correct AFS password, place a character + string of any length other than the standard thirteen characters in the field. This is appropriate if you want to permit + only people with local AFS accounts to login on your machines. A single X or other + character is the most easily recognizable way to do this. + + + + To enable a user to log into the local file system even after providing an incorrect AFS password, record a + standard UNIX encrypted password in the field by issuing the standard UNIX password-setting command (passwd or equivalent). + + + + Systems that use a Pluggable Authentication Module (PAM) for login and AFS authentication do not necessarily consult the + local password file at all, in which case they do not use the password field to control authentication and login attempts. + Instead, instructions in the PAM configuration file (on many system types, /etc/pam.conf) + fill the same function. See the instructions in the OpenAFS Quick Beginnings for installing AFS-modified login + utilities. + + + local password file + + when not using AFS-modified login utility + + + + + Using Two-Step Login and Authentication + + In cells that do not use an AFS-modified login utility, users must issue separate commands to login and authenticate, as + detailed in the OpenAFS User Guide: + + They use the standard login program to login to the local file system, providing + the password listed in the local password file (the /etc/passwd file or + equivalent). + + + + They must issue the klog command to authenticate with the AFS authentication + service, including its -setpag flag to associate the new tokens with a process + authentication group (PAG). + + + + As mentioned in Creating Standard Files in New AFS Accounts, you can invoke the klog -setpag command in a user's .login file (or equivalent) so that + the user does not have to remember to issue the command after logging in. The user still must type a password twice, once at + the prompt generated by the login utility and once at the klog command's prompt. This implies + that the two passwords can differ, but it is less confusing if they do not. + + Another effect of not using an AFS-modified login utility is that the AFS servers recognize the standard login program as the anonymous user. If the login program needs to access any AFS files (such as the .login file + in a user's home directory), then the ACL that protects the file must include an entry granting the l (lookup) and r (read) permissions to the system:anyuser group. + + When you do not use an AFS-modified login utility, an actual (scrambled) password must appear in the local password file + for each user. Use the /bin/passwd file to insert or change these passwords. It is simpler if + the password in the local password file matches the AFS password, but it is not required. + + + tokens + + displaying for user + + + + tokens + + command + + + + commands + + tokens + + + + listing + + tokens held by issuer + + + + commands + + klog + + + + klog command + + + + server process + + creating ticket (tokens) for + + + + tickets + + + + tokens + + + + tokens + + creating for server process + + + + authenticated identity + + acquiring with klog command + + + + unlog command + + + + commands + + unlog + + + + discarding + + tokens + + + + tokens + + discarding with unlog command + + + + + Obtaining, Displaying, and Discarding Tokens + + Once logged in, a user can obtain a token at any time with the klog command. If a valid + token already exists, the new one overwrites it. If a PAG already exists, the new token is associated with it. + + By default, the klog command authenticates the issuer using the identity currently + logged in to the local file system. To authenticate as a different identity, use the -principal argument. To obtain a token for a foreign cell, use the -cell argument (it can be combined with the -principal argument). See + the OpenAFS User Guide and the entry for the klog command in the OpenAFS Administration + Reference. + + To discard either all tokens or the token for a particular cell, issue the unlog + command. The command affects only the tokens associated with the current command shell. See the OpenAFS User Guideand the + entry for the unlog command in the OpenAFS Administration Reference. + + To display the tokens associated with the current command shell, issue the tokens + command. The following examples illustrate its output in various situations. + + If the issuer is not authenticated in any cell: + + + % tokens + Tokens held by the Cache Manager: + --End of list-- + + + The following shows the output for a user with AFS UID 1000 in the ABC Corporation cell: + + + % tokens + Tokens held by the Cache Manager: + User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00] + --End of list-- + + + The following shows the output for a user who is authenticated in ABC Corporation cell, the State University cell and + the DEF Company cell. The user has different AFS UIDs in the three cells. Tokens for the last cell are expired: + + + % tokens + Tokens held by the Cache Manager: + User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00] + User's (AFS ID 4286) tokens for afs@stateu.edu [Expires Jun 3 1:34] + User's (AFS ID 22) tokens for afs@def.com [>>Expired<<] + --End of list-- + + + The Kerberos version of the tokens command (the tokens.krb command), also reports information on the ticket-granting ticket, including the ticket's + owner, the ticket-granting service, and the expiration date, as in the following example. Also see Support for Kerberos Authentication. + + + % tokens.krb + Tokens held by the Cache Manager: + User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00] + User smith's tokens for krbtgt.ABC.COM@abc.com [Expires Jun 2 10:00] + --End of list-- + + + + + Setting Default Token Lifetimes for Users + + + tokens + + setting default lifetimes for users + + + The maximum lifetime of a user token is the smallest of the ticket lifetimes recorded in the following three + Authentication Database entries. The kas examine command reports the lifetime as + Max ticket lifetime. Administrators who have the ADMIN flag + on their Authentication Database entry can use the -lifetime argument to the kas setfields command to set an entry's ticket lifetime. + + The afs entry, which corresponds to the AFS server processes. The default is 100 + hours. + + + + The krbtgt.cellname entry, which corresponds to the ticket-granting ticket used + internally in generating the token. The default is 720 hours (30 days). + + + + The entry for the user of the AFS-modified login utility or issuer of the klog + command. The default is 25 hours for user entries created using the AFS 3.1 or later version of the Authentication + Server, and 100 hours for user entries created using the AFS 3.0 version of the Authentication Server. A user can use + the kas examine command to display his or her own Authentication Database entry. + + + + + An AFS-modified login utility always grants a token with a lifetime calculated from the previously described three + values. When issuing the klog command, a user can request a lifetime shorter than the + default by using the -lifetime argument. For further information, see the OpenAFS User + Guide and the klog reference page in the OpenAFS Administration Reference. + + + + + Changing Passwords + + + password + + changing in AFS + + + + kpasswd command + + + + commands + + kpasswd + + + + kas commands + + setpassword + + + + commands + + kas setpassword + + + Regular AFS users can change their own passwords by using either the kpasswd or + kas setpassword command. The commands prompt for the current password and then twice for the + new password, to screen out typing errors. + + Administrators who have the ADMIN flag on their Authentication Database entries can + change any user's password, either by using the kpasswd command (which requires knowing the + current password) or the kas setpassword command. + + If your cell does not use an AFS-modified login utility, remember also to change the local password, using the operating + system's password-changing command. For more instructions on changing passwords, see Changing AFS + Passwords. + + + + Imposing Restrictions on Passwords and Authentication Attempts + + You can help to make your cell more secure by imposing restrictions on user passwords and authentication attempts. To + impose the restrictions as you create an account, use the A instruction in the uss template file as described in Increasing Account Security with the A + Instruction. To set or change the values on an existing account, use the kas setfields + command as described in Improving Password and Authentication Security. + + + password + + expiration + + + + password + + lifetime + + + + kas commands + + setfields + + + + commands + + kas setfields + + + + Authentication Database + + password lifetime, setting + + + + password + + restricting reuse + + + By default, AFS passwords never expire. Limiting password lifetime can help improve security by decreasing the time the + password is subject to cracking attempts. You can choose an lifetime from 1 to 254 days after the password was last changed. + It automatically applies to each new password as it is set. When the user changes passwords, you can also insist that the new + password is not similar to any of the 20 passwords previously used. + + + password + + consequences of multiple failed authentication attempts + + + + kas commands + + setfields + + + + commands + + kas setfields + + + + authentication + + consequences of multiple failures + + + Unscrupulous users can try to gain access to your AFS cell by guessing an authorized user's password. To protect against + this type of attack, you can limit the number of times that a user can consecutively fail to provide the correct password. + When the limit is exceeded, the authentication service refuses further authentication attempts for a specified period of time + (the lockout time). To reenable authentication attempts before the lockout time expires, an administrator must issue the + kas unlock command. + + + password + + checking quality of + + + + kpasswd command + + + + commands + + kpasswd + + + + kas commands + + setpassword + + + + kpwvalid program + + + In addition to settings on user's authentication accounts, you can improve security by automatically checking the + quality of new user passwords. The kpasswd and kas + setpassword commands pass the proposed password to a program or script called kpwvalid, if it exists. The kpwvalid performs quality checks and + returns a code to indicate whether the password is acceptable. You can create your own program or modified the sample program + included in the AFS distribution. See the kpwvalid reference page in the OpenAFS + Administration Reference. + + There are several types of quality checks that can improve password quality. + + The password is a minimum length + + + + The password is not a word + + + + The password contains both numbers and letters + + + + + + Support for Kerberos Authentication + + + Kerberos + + support for in AFS + + + + commands + + klog.krb + + + + commands + + pagsh.krb + + + + commands + + tokens.krb + + + + klog.krb command + + + + pagsh.krb command + + + + tokens.krb command + + + If your site is using standard Kerberos authentication rather than the AFS Authentication Server, use the modified + versions of the klog, pagsh, and tokens commands that support Kerberos authentication. The binaries for the modified version of these + commands have the same name as the standard binaries with the addition of a .krb + extension. + + Use either the Kerberos version or the standard command throughout the cell; do not mix the two versions. AFS Product + Support can provide instructions on installing the Kerberos version of these four commands. For information on the differences + between the two versions of these commands, see the OpenAFS Administration Reference. + + + + + Security and Authorization in AFS + + AFS incorporates several features to ensure that only authorized users gain access to data. This section summarizes the + most important of them and suggests methods for improving security in your cell. + + + Some Important Security Features + + + security + + AFS features + + + + AFS + + security features + + + + ACLs on Directories + + Files in AFS are protected by the access control list (ACL) associated with their parent directory. The ACL defines + which users or groups can access the data in the directory, and in what way. See Managing Access + Control Lists. + + + + Mutual Authentication Between Client and Server + + When an AFS client and server process communicate, each requires the other to prove its identity during mutual + authentication, which involves the exchange of encrypted information that only valid parties can decrypt and respond to. For + a detailed description of the mutual authentication process, see A More Detailed Look at Mutual + Authentication. + + + AFS server processes mutually authenticate both with one another and with processes that represent human users. After + mutual authentication is complete, the server and client have established an authenticated connection, across which they can + communicate repeatedly without having to authenticate again until the connection expires or one of the parties closes it. + Authenticated connections have varying lifetimes. + + + Tokens + + In order to access AFS files, users must prove their identities to the AFS authentication service by providing the + correct AFS password. If the password is correct, the authentication service sends the user a token as evidence of + authenticated status. See Login and Authentication in AFS. + + + Servers assign the user identity anonymous to users and processes that do not have a + valid token. The anonymous identity has only the access granted to the system:anyuser group on ACLs. + + + Authorization Checking + + Mutual authentication establishes that two parties communicating with one another are actually who they claim to be. + For many functions, AFS server processes also check that the client whose identity they have verified is also authorized to + make the request. Different requests require different kinds of privilege. See Three Types of + Privilege. + + + + Encrypted Network Communications + + + network + + encrypted communication in AFS + + + + encrypted network communication + + + + security + + encrypted network communication + + + The AFS server processes encrypt particularly sensitive information before sending it back to clients. Even if an + unauthorized party is able to eavesdrop on an authenticated connection, they cannot decipher encrypted data without the + proper key. + + + The following AFS commands encrypt data because they involve server encryption keys and passwords: + + The bos addkey command, which adds a server encryption key to the /usr/afs/etc/KeyFile file + + + + The bos listkeys command, which lists the server encryption keys from the + /usr/afs/etc/KeyFile file + + + + The kpasswd command, which changes a password in the Authentication + Database + + + + Most commands in the kas command suite + + + + In addition, the United States edition of the Update Server encrypts sensitive information (such as the contents of + KeyFile) when distributing it. Other commands in the bos + suite and the commands in the fs, pts and vos suites do not encrypt data before transmitting it. + + + + Three Types of Privilege + + AFS uses three separate types of privilege for the reasons discussed in The Reason for Separate + Privileges. + + Membership in the system:administrators group. Members are entitled to issue any + pts command and those fs commands that set volume + quota. By default, they also implicitly have the a (administer) and l (lookup) + permissions on every ACL in the file tree even if the ACL does not include an entry for them. + + + + The ADMIN flag on the Authentication Database entry. An administrator with this + flag can issue any kas command. + + + + Inclusion in the /usr/afs/etc/UserList file. An administrator whose username + appears in this file can issue any bos, vos, or + backup command (although some backup commands require + additional privilege as described in Granting Administrative Privilege to Backup + Operators). + + + + + + Authorization Checking versus Authentication + + AFS distinguishes between authentication and authorization checking. Authentication refers to the process of proving + identity. Authorization checking refers to the process of verifying that an authenticated identity is allowed to perform a + certain action. + + AFS implements authentication at the level of connections. Each time two parties establish a new connection, they + mutually authenticate. In general, each issue of an AFS command establishes a new connection between AFS server process and + client. + + AFS implements authorization checking at the level of server machines. If authorization checking is enabled on a server + machine, then all of the server processes running on it provide services only to authorized users. If authorization checking + is disabled on a server machine, then all of the server processes perform any action for anyone. Obviously, disabling + authorization checking is an extreme security exposure. For more information, see Managing + Authentication and Authorization Requirements. + + + + Improving Security in Your Cell + + + security + + suggestions for improving + + + You can improve the level of security in your cell by configuring user accounts, server machines, and system + administrator accounts in the indicated way. + + + User Accounts + + + + Use an AFS-modified login utility, or include the -setpag flag to the klog command, to associate the credential structure that houses tokens with a PAG rather than a + UNIX UID. This prevents users from inheriting someone else's tokens by assuming their UNIX identity. For further + discussion, see Identifying AFS Tokens by PAG. + + + + Encourage users to issue the unlog command to destroy their tokens before + logging out. This forestalls attempts to access tokens left behind kernel memory. Consider including the unlog command in every user's .logout file or + equivalent. + + + + + + Server Machines + + + + Disable authorization checking only in emergencies or for very brief periods of time. It is best to work at the + console of the affected machine during this time, to prevent anyone else from accessing the machine through the + keyboard. + + + + Change the AFS server encryption key on a frequent and regular schedule. Make it difficult to guess (a long + string including nonalphabetic characters, for instance). Unlike user passwords, the password from which the AFS key + is derived can be longer than eight characters, because it is never used during login. The kas + setpassword command accepts a password hundreds of characters long. For instructions, see Managing Server Encryption Keys. + + + + As much as possible, limit the number of people who can login at a server machine's console or remotely. + Imposing this limit is an extra security precaution rather than a necessity. The machine cannot serve as an AFS client + in this case. + + + + Particularly limit access to the local superuser root account on a server + machine. The local superuser root has free access to important administrative + subdirectories of the /usr/afs directory, as described in AFS + Files on the Local Disk. + + + root superuser + + limiting logins + + + + + As in any computing environment, server machines must be located in a secured area. Any other security measures + are effectively worthless if unauthorized people can access the computer hardware. + + + + + + System Administrators + + + + Limit the number of system administrators in your cell. Limit the use of system administrator accounts on + publicly accessible workstations. Such machines are not secure, so unscrupulous users can install programs that try to + steal tokens or passwords. If administrators must use publicly accessible workstations at times, they must issue the + unlog command before leaving the machine. + + + + Create an administrative account for each administrator separate from the personal account, and assign AFS + privileges only to the administrative account. The administrators must authenticate to the administrative accounts to + perform duties that require privilege, which provides a useful audit trail as well. + + + + Administrators must not leave a machine unattended while they have valid tokens. Issue the unlog command before leaving. + + + + Use the -lifetime argument to the kas + setfields command to set the token lifetime for administrative accounts to a fairly short amount of time. + The default lifetime for AFS tokens is 25 hours, but 30 or 60 minutes is possibly a more reasonable lifetime for + administrative tokens. The tokens for administrators who initiate AFS Backup System operations must last somewhat + longer, because it can take several hours to complete some dump operations, depending on the speed of the tape device + and the network connecting it to the file server machines that house the volumes is it accessing. + + + + Limit administrators' use of the telnet program. It sends unencrypted passwords + across the network. Similarly, limit use of other remote programs such as rsh and + rcp, which send unencrypted tokens across the network. + + + + + + + A More Detailed Look at Mutual Authentication + + + mutual authentication + + + + distributed file system + + security issues + + + + shared secret + + + + server encryption key + + defined + + + As in any file system, security is a prime concern in AFS. A file system that makes file sharing easy is not useful if + it makes file sharing mandatory, so AFS incorporates several features that prevent unauthorized users from accessing data. + Security in a networked environment is difficult because almost all procedures require transmission of information across + wires that almost anyone can tap into. Also, many machines on networks are powerful enough that unscrupulous users can monitor + transactions or even intercept transmissions and fake the identity of one of the participants. + + The most effective precaution against eavesdropping and information theft or fakery is for servers and clients to accept + the claimed identity of the other party only with sufficient proof. In other words, the nature of the network forces all + parties on the network to assume that the other party in a transaction is not genuine until proven so. Mutual authentication + is the means through which parties prove their genuineness. + + Because the measures needed to prevent fakery must be quite sophisticated, the implementation of mutual authentication + procedures is complex. The underlying concept is simple, however: parties prove their identities by demonstrating knowledge of + a shared secret. A shared secret is a piece of information known only to the parties who are mutually authenticating (they can + sometimes learn it in the first place from a trusted third party or some other source). The party who originates the + transaction presents the shared secret and refuses to accept the other party as valid until it shows that it knows the secret + too. + + The most common form of shared secret in AFS transactions is the encryption key, also referred to simply as a key. The + two parties use their shared key to encrypt the packets of information they send and to decrypt the ones they receive. + Encryption using keys actually serves two related purposes. First, it protects messages as they cross the network, preventing + anyone who does not know the key from eavesdropping. Second, ability to encrypt and decrypt messages successfully indicates + that the parties are using the key (it is their shared secret). If they are using different keys, messages remain scrambled + and unintelligible after decryption. + + The following sections describe AFS's mutual authentication procedures in more detail. Feel free to skip these sections + if you are not interested in the mutual authentication process. + + + Simple Mutual Authentication + + Simple mutual authentication involves only one encryption key and two parties, generally a client and server. The + client contacts the server by sending a challenge message encrypted with a key known only to the two of them. The server + decrypts the message using its key, which is the same as the client's if they really do share the same secret. The server + responds to the challenge and uses its key to encrypt its response. The client uses its key to decrypt the server's + response, and if it is correct, then the client can be sure that the server is genuine: only someone who knows the same key + as the client can decrypt the challenge and answer it correctly. On its side, the server concludes that the client is + genuine because the challenge message made sense when the server decrypted it. + + AFS uses simple mutual authentication to verify user identities during the first part of the login procedure. In that + case, the key is based on the user's password. + + + + Complex Mutual Authentication + + Complex mutual authentication involves three encryption keys and three parties. All secure AFS transactions (except + the first part of the login process) employ complex mutual authentication. + + + ticket-granter + + + + server encryption key + + + + tokens + + data in + + + When a client wishes to communicate with a server, it first contacts a third party called a ticket-granter. The + ticket-granter and the client mutually authenticate using the simple procedure. When they finish, the ticket-granter gives + the client a server ticket (or simply ticket) as proof that it (the ticket-granter) has preverified the identity of the + client. The ticket-granter encrypts the ticket with the first of the three keys, called the server encryption key because it + is known only to the ticket-granter and the server the client wants to contact. The client does not know this key. + + The ticket-granter sends several other pieces of information along with the ticket. They enable the client to use the + ticket effectively despite being unable to decrypt the ticket itself. Along with the ticket, the items constitute a token: + + + A session key, which is the second encryption key involved in mutual authentication. The ticket-granter invents + the session key at random as the shared secret between client and server. For reasons explained further below, the + ticket-granter also puts a copy of the session key inside the ticket. The client and server use the session key to + encrypt messages they send to one another during their transactions. The ticket-granter invents a different session + key for each connection between a client and a server (there can be several transactions during a single + connection). + + + session key + + + + + The name of the server for which the ticket is valid (and so which server encryption key encrypts the ticket + itself). + + + + A ticket lifetime indicator. The default lifetime of AFS server tickets is 100 hours. If the client wants to + contact the server again after the ticket expires, it must contact the ticket-granter to get a new ticket. + + + + The ticket-granter seals the entire token with the third key involved in complex mutual authentication--the key known + only to it (the ticket-granter) and the client. In some cases, this third key is derived from the password of the human user + whom the client represents. + + Now that the client has a valid server ticket, it is ready to contact the server. It sends the server two things: + + + The server ticket. This is encrypted with the server encryption key. + + + + Its request message, encrypted with the session key. Encrypting the message protects it as it crosses the + network, since only the server/client pair for whom the ticket-granter invented the session key know it. + + + + At this point, the server does not know the session key, because the ticket-granter just created it. However, the + ticket-granter put a copy of the session key inside the ticket. The server uses the server encryption key to decrypts the + ticket and learns the session key. It then uses the session key to decrypt the client's request message. It generates a + response and sends it to the client. It encrypts the response with the session key to protect it as it crosses the + network. + + This step is the heart of mutual authentication between client and server, because it proves to both parties that they + know the same secret: + + The server concludes that the client is authorized to make a request because the request message makes sense + when the server decrypts it using the session key. If the client uses a different session key than the one the server + finds inside the ticket, then the request message remains unintelligible even after decryption. The two copies of the + session key (the one inside the ticket and the one the client used) can only be the same if they both came from the + ticket-granter. The client cannot fake knowledge of the session key because it cannot look inside the ticket, sealed + as it is with the server encryption key known only to the server and the ticket-granter. The server trusts the + ticket-granter to give tokens only to clients with whom it (the ticket-granter) has authenticated, so the server + decides the client is legitimate. + + (Note that there is no direct communication between the ticket-granter and the server, even though their + relationship is central to ticket-based mutual authentication. They interact only indirectly, via the client's + possession of a ticket sealed with their shared secret.) + + + + The client concludes that the server is genuine and trusts the response it gets back from the server, because + the response makes sense after the client decrypts it using the session key. This indicates that the server encrypted + the response with the same session key as the client knows. The only way for the server to learn that matching session + key is to decrypt the ticket first. The server can only decrypt the ticket because it shares the secret of the server + encryption key with the ticket-granter. The client trusts the ticket-granter to give out tickets only for legitimate + servers, so the client accepts a server that can decrypt the ticket as genuine, and accepts its response. + + + + + + + + Backing Up AFS Data + + AFS provides two related facilities that help the administrator back up AFS data: backup volumes and the AFS Backup + System. + + + Backup Volumes + + The first facility is the backup volume, which you create by cloning a read/write volume. The backup volume is read-only + and so preserves the state of the read/write volume at the time the clone is made. + + Backup volumes can ease administration if you mount them in the file system and make their contents available to users. + For example, it often makes sense to mount the backup version of each user volume as a subdirectory of the user's home + directory. A conventional name for this mount point is OldFiles. Create a new version of the + backup volume (that is, reclone the read/write) once a day to capture any changes that were made since the previous backup. If + a user accidentally removes or changes data, the user can restore it from the backup volume, rather than having to ask you to + restore it. + + The OpenAFS User Guide does not mention backup volumes, so regular users do not know about them if you decide not to use + them. This implies that if you do make backup versions of user volumes, you need to tell your + users about how the backup works and where you have mounted it. + + Users are often concerned that the data in a backup volume counts against their volume quota and some of them even want + to remove the OldFiles mount point. It does not, because the backup volume is a separate + volume. The only amount of space it uses in the user's volume is the amount needed for the mount point, which is about the + same as the amount needed for a standard directory element. + + Backup volumes are discussed in detail in Creating Backup Volumes. + + + + The AFS Backup System + + Backup volumes can reduce restoration requests, but they reside on disk and so do not protect data from loss due to + hardware failure. Like any file system, AFS is vulnerable to this sort of data loss. + + To protect your cell's users from permanent loss of data, you are strongly urged to back up your file system to tape on + a regular and frequent schedule. The AFS Backup System is available to ease the administration and performance of backups. For + detailed information about the AFS Backup System, see Configuring the AFS Backup System and + Backing Up and Restoring AFS Data. + + + remote services + + modifications for AFS + + + + commands + + ftp (AFS compared to UNIX) + + + + ftpd command + + AFS compared to UNIX + + + + commands + + ftpd (AFS compared to UNIX) + + + + inetd command + + AFS compared to UNIX + + + + commands + + inetd (AFS compared to UNIX) + + + + rcp command + + AFS compared to UNIX + + + + commands + + rcp (AFS compared to UNIX) + + + + rlogind command + + AFS compared to UNIX + + + + commands + + rlogind (AFS compared to UNIX) + + + + rsh command + + AFS compared to UNIX + + + + commands + + rsh (AFS compared to UNIX) + + + + + + Using UNIX Remote Services in the AFS Environment + + The AFS distribution includes modified versions of several standard UNIX commands, daemons and programs that provide + remote services, including the following: + + The ftpd program + + + + The inetd daemon + + + + The rcp program + + + + The rlogind daemon + + + + The rsh command + + + + These modifications enable the commands to handle AFS authentication information (tokens). This enables issuers to be + recognized on the remote machine as an authenticated AFS user. + + Replacing the standard versions of these programs in your file tree with the AFS-modified versions is optional. It is + likely that AFS's transparent access reduces the need for some of the programs anyway, especially those involved in transferring + files from machine to machine, like the ftpd and rcp + programs. + + If you decide to use the AFS versions of these commands, be aware that several of them are interdependent. For example, + the passing of AFS authentication information works correctly with the rcp command only if you + are using the AFS version of both the rcp and inetd + commands. + + The conventional installation location for the modified remote commands are the /usr/afsws/bin and /usr/afsws/etc directories. To learn more about + commands' functionality, see their reference pages in the OpenAFS Administration Reference. + + + + Accessing AFS through NFS + + Users of NFS client machines can access the AFS filespace by mounting the /afs directory + of an AFS client machine that is running the NFS/AFS Translator. This is a particular advantage in cells already running NFS who + want to access AFS using client machines for which AFS is not available. See Appendix A, Managing the + NFS/AFS Translator. + + Index: openafs/doc/xml/AdminGuide/auagd008.xml diff -c /dev/null openafs/doc/xml/AdminGuide/auagd008.xml:1.1.8.3 *** /dev/null Sat May 30 21:40:41 2009 --- openafs/doc/xml/AdminGuide/auagd008.xml Wed May 13 22:25:59 2009 *************** *** 0 **** --- 1,5711 ---- + + + Administering Server Machines + + + server machine + + administering + + + + administering + + server machine + + + This chapter describes how to administer an AFS server machine. It describes the following configuration information and + administrative tasks: + + The binary and configuration files that must reside in the subdirectories of the /usr/afs directory on every server machine's local disk; see Local Disk Files + on a Server Machine. + + + + The various roles or functions that an AFS server machine can perform, and how to determine which + machines are taking a role; see The Four Roles for File Server Machines. + + + + How to maintain database server machines; see Administering Database Server + Machines. + + + + How to maintain the list of database server machines in the /usr/afs/etc/CellServDB + file; see Maintaining the Server CellServDB File. + + + + How to control authorization checking on a server machine; see Managing Authentication and + Authorization Requirements. + + + + How to install new disks or partitions on a file server machine; see Adding or Removing Disks + and Partitions. + + + + How to change a server machine's IP addresses and manager VLDB server entries; see Managing + Server IP Addresses and VLDB Server Entries. + + + + How to reboot a file server machine; see Rebooting a Server Machine. + + + + To learn how to install and configure a new server machine, see the OpenAFS Quick Beginnings. + + To learn how to administer the server processes themselves, see Monitoring and Controlling Server + Processes. + + To learn how to administer volumes, see Managing Volumes. + + + Summary of Instructions + + This chapter explains how to perform the following tasks by using the indicated commands: + + + + + + + + + + Install new binaries + + bos install + + + + Examine binary check-and-restart time + + bos getrestart + + + + Set binary check-and-restart time + + bos setrestart + + + + Examine compilation dates on binary files + + bos getdate + + + + Restart a process to use new binaries + + bos restart + + + + Revert to old version of binaries + + bos uninstall + + + + Remove obsolete .BAK and .OLD versions + + bos prune + + + + List partitions on a file server machine + + vos listpart + + + + Shutdown AFS server processes + + bos shutdown + + + + List volumes on a partition + + vos listvldb + + + + Move read/write volumes + + vos move + + + + List a cell's database server machines + + bos listhosts + + + + Add a database server machine to server CellServDB file + + bos addhost + + + + Remove a database server machine from server CellServDB file + + bos removehost + + + + Set authorization checking requirements + + bos setauth + + + + Prevent authentication for bos, pts, and + vos commands + + Include -noauth flag + + + + Prevent authentication for kas commands + + Include -noauth flag on some commands or issue noauthentication while in interactive mode + + + + Display all VLDB server entries + + vos listaddrs + + + + Remove a VLDB server entry + + vos changeaddr + + + + Reboot a server machine remotely + + bos exec reboot_command + + + + + + + + Local Disk Files on a Server Machine + + Several types of files must reside in the subdirectories of the /usr/afs directory on an + AFS server machine's local disk. They include binaries, configuration files, the administrative database files (on database + server machines), log files, and volume header files. + + Note for Windows users: Some files described in this document possibly do not exist on + machines that run a Windows operating system. Also, Windows uses a backslash (\) rather than a + forward slash (/) to separate the elements in a pathname. + + + usr/afs/bin directory on server machines + + contents listed + + + + directory + + /usr/afs/bin on server machines + + + + server process binaries + + in /usr/afs/bin + + + + Binaries in the /usr/afs/bin Directory + + The /usr/afs/bin directory stores the AFS server process and command suite binaries + appropriate for the machine's system (CPU and operating system) type. If a process has both a server portion and a client + portion (as with the Update Server) or if it has separate components (as with the fs + process), each component resides in a separate file. + + To ensure predictable system performance, all file server machines must run the same AFS build version of a given + process. To maintain consistency easily, use the Update Server process to distribute binaries from a binary distribution + machine of each system type, as described further in Binary Distribution Machines. + + It is best to keep the binaries for all processes in the /usr/afs/bin directory, even + if you do not run the process actively on the machine. It simplifies the process of reconfiguring machines (for example, + adding database server functionality to an existing file server machine). Similarly, it is best to keep the command suite + binaries in the directory, even if you do not often issue commands while working on the server machine. It enables you to + issue commands during recovery from server and machine outages. + + The following lists the binary files in the /usr/afs/bin directory that are directly + related to the AFS server processes or command suites. Other binaries (for example, for the klog command) sometimes appear in this directory on a particular file server machine's disk or in an + AFS distribution. + + files + + backup command binary + + + + backup commands + + binary in /usr/afs/bin + + + + backup + + + The command suite for the AFS Backup System (the binary for the Backup Server is buserver). + + + files + + bos command binary + + + + bos commands + + binary in /usr/afs/bin + + + + + + bos + + + The command suite for communicating with the Basic OverSeer (BOS) Server (the binary for the BOS Server is + bosserver). + + + bosserver + + binary in /usr/afs/bin + + + + bosserver + + + + BOS Server + + + + files + + bosserver binary + + + + programs + + bosserver + + + + processes + + BOS Server, binary in /usr/afs/bin + + + + BOS Server + + binary in /usr/afs/bin + + + + + + bosserver + + + The binary for the Basic OverSeer (BOS) Server process. + + + buserver + + binary in /usr/afs/bin + + + + buserver + + + + Backup Server + + + + files + + buserver + + + + programs + + buserver + + + + processes + + Backup Server, binary in /usr/afs/bin + + + + Backup Server + + binary in /usr/afs/bin + + + + + + buserver + + + The binary for the Backup Server process. + + + fileserver + + binary in /usr/afs/bin + + + + fileserver + + + + File Server + + + + files + + fileserver + + + + programs + + fileserver + + + + processes + + File Server, binary in /usr/afs/bin + + + + File Server + + binary in /usr/afs/bin + + + + + + fileserver + + + The binary for the File Server component of the fs process. + + + files + + kas command binary + + + + kas commands + + binary in /usr/afs/bin + + + + + + kas + + + The command suite for communicating with the Authentication Server (the binary for the Authentication Server is + kaserver). + + + kaserver process + + binary in /usr/afs/bin + + + + kaserver process + + + + Authentication Server + + + + files + + kaserver binary file + + + + programs + + kaserver + + + + processes + + Authentication Server, binary in /usr/afs/bin + + + + Authentication Server + + binary in /usr/afs/bin + + + + + + kaserver + + + The binary for the Authentication Server process. + + + ntpd + + binary in /usr/afs/bin + + + + files + + ntpd + + + + programs + + ntpd + + + + processes + + NTPD, binary in /usr/afs/bin + + + + NTPD + + + + Network Time Protocol Daemon + + + + NTPD + + + + + + ntpd + + + The binary for the Network Time Protocol Daemon (NTPD). AFS redistributes this binary and uses the runntp program to configure and initialize the NTPD process. + + + ntpdc + + binary in /usr/afs/bin + + + + files + + ntpdc + + + + programs + + ntpdc + + + + + + ntpdc + + + A debugging utility furnished with the ntpd program. + + + files + + pts command binary + + + + pts commands + + binary in /usr/afs/bin + + + + + + pts + + + The command suite for communicating with the Protection Server process (the binary for the Protection Server is + ptserver). + + + ptserver process + + binary in /usr/afs/bin + + + + ptserver process + + + + Protection Server + + + + files + + ptserver binary + + + + programs + + ptserver + + + + processes + + Protection Server, binary in /usr/afs/bin + + + + Protection Server + + binary in /usr/afs/bin + + + + + + ptserver + + + The binary for the Protection Server process. + + + runntp + + binary in /usr/afs/bin + + + + runntp + + + + NTPD + + + + files + + runntp + + + + programs + + runntp + + + + + + runntp + + + The binary for the program used to configure NTPD most appropriately for use with AFS. + + + Salvager + + binary in /usr/afs/bin + + + + Salvager + + + + Salvager + + + + files + + salvager + + + + programs + + salvager + + + + processes + + Salvager, binary in /usr/afs/bin + + + + + + salvager + + + The binary for the Salvager component of the fs process. + + + udebug + + binary in /usr/afs/bin + + + + files + + udebug + + + + commands + + udebug + + + + programs + + udebug + + + + + + udebug + + + The binary for a program that reports the status of AFS's distributed database technology, Ubik. + + + upclient + + binary in /usr/afs/bin + + + + upclient + + + + Update Server + + + + files + + upclient + + + + programs + + upclient + + + + processes + + Update Server, binaries in /usr/afs/bin + + + + Update Server + + binaries in /usr/afs/bin + + + + + + upclient + + + The binary for the client portion of the Update Server process. + + + upserver + + binary in /usr/afs/bin + + + + upserver + + + + Update Server + + + + files + + upserver + + + + programs + + upserver + + + + + + upserver + + + The binary for the server portion of the Update Server process. + + + vlserver + + binary in /usr/afs/bin + + + + vlserver + + + + VL Server + + + + files + + vlserver + + + + programs + + vlserver + + + + processes + + VL Server, binary in /usr/afs/bin + + + + VL Server + + binary in /usr/afs/bin + + + + Volume Location Server + + + + VL Server + + + + + + vlserver + + + The binary for the Volume Location (VL) Server process. + + + volserver + + binary in /usr/afs/bin + + + + volserver + + + + Volume Server + + + + files + + volserver + + + + programs + + volserver + + + + processes + + Volume Server, binary in /usr/afs/bin + + + + Volume Server + + binary in /usr/afs/bin + + + + + + volserver + + + The binary for the Volume Server component of the fs process. + + + files + + vos command binary + + + + vos commands + + binary in /usr/afs/bin + + + + + + vos + + + The command suite for communicating with the Volume and VL Server processes (the binaries for the servers are + volserver and vlserver, respectively). + + + + + + usr/afs/etc directory on server machines + + contents listed + + + + directory + + /usr/afs/etc + + + + files + + server configuration, in /usr/afs/etc directory + + + + common configuration files (server) + + + + server machine + + configuration files in /usr/afs/etc + + + + + Common Configuration Files in the /usr/afs/etc Directory + + The directory /usr/afs/etc on every file server machine's local disk contains + configuration files in ASCII and machine-independent binary format. For predictable AFS performance throughout a cell, all + server machines must have the same version of each configuration file: + + Update Server + + distributing server configuration files + + + + Cells that run the United States edition of AFS conventionally use the Update Server to distribute a common + version of each file from the cell's system control machine to other server machines (for more on the system control + machine, see The System Control Machine). Run the Update Server's server portion on the + system control machine, and the client portion on all other server machines. Update the files on the system control + machine only, except as directed by instructions for dealing with emergencies. + + + + Cells that run the international edition of AFS must not use the Update Server to distribute the contents of the + /usr/afs/etc directory. Due to United States government regulations, the data + encryption routines that AFS uses to protect the files in this directory as they cross the network are not available to + the Update Server in the international edition of AFS. You must instead update the files on each server machine + individually, taking extra care to issue exactly the same bos command for each machine. + The necessary data encryption routines are available to the bos commands, so + information is safe as it crosses the network from the machine where the bos command is + issued to the server machines. + + + + Never directly edit any of the files in the /usr/afs/etc directory, except as directed + by instructions for dealing with emergencies. In normal circumstances, use the appropriate bos commands to change the files. The following list includes pointers to instructions. + + The files in this directory include: + + CellServDB file (server) + + about + + + + files + + CellServDB (server) + + + + CellServDB + + + An ASCII file that names the cell's database server machines, which run the Authentication, Backup, Protection, + and VL Server processes. You create the initial version of this file by issuing the bos + setcellname command while installing your cell's first server machine. It is very important to update this + file when you change the identity of your cell's database server machines. + + The server CellServDB file is not the same as the CellServDB file stored in the /usr/vice/etc directory on + client machines. The client version lists the database server machines for every AFS cell that you choose to make + accessible from the client machine. The server CellServDB file lists only the local + cell's database server machines, because server processes never contact processes in other cells. + + For instructions on maintaining this file, see Maintaining the Server CellServDB + File. + + + KeyFile file + + function of + + + + files + + KeyFile + + + + server encryption key + + + + + + KeyFile + + + A machine-independent, binary-format file that lists the server encryption keys the AFS server processes use to + encrypt and decrypt tickets. The information in this file is the basis for secure communication in the cell, and so is + extremely sensitive. The file is specially protected so that only privileged users can read or change it. + + For instructions on maintaining this file, see Managing Server Encryption + Keys. + + + ThisCell file (server) + + + + files + + ThisCell (server) + + + + + + ThisCell + + + An ASCII file that consists of a single line defining the complete Internet domain-style name of the cell (such + as abc.com). You create this file with the bos + setcellname command during the installation of your cell's first file server machine, as instructed in the + OpenAFS Quick Beginnings. + + Note that changing this file is only one step in changing your cell's name. For discussion, see Choosing a Cell Name. + + + UserList file + + + + files + + UserList + + + + + + UserList + + + An ASCII file that lists the usernames of the system administrators authorized to issue privileged bos, vos, and backup + commands. For instructions on maintaining the file, see Administering the UserList + File. + + + + + + usr/afs/local directory on server machines + + contents listed + + + + directory + + /usr/afs/local on server machines + + + + local configuration files (server) + + + + file server machine + + configuration files in /usr/afs/local + + + + + Local Configuration Files in the /usr/afs/local Directory + + The directory /usr/afs/local contains configuration files that are different for each + file server machine in a cell. Thus, they are not updated automatically from a central source like the files in /usr/afs/bin and /usr/afs/etc directories. The most important file is + the BosConfig file; it defines which server processes are to run on that machine. + + As with the common configuration files in /usr/afs/etc, you must not edit these files + directly. Use commands from the bos command suite where appropriate; some files never need to + be altered. + + The files in this directory include the following: + + BosConfig file + + + + files + + BosConfig + + + + BosConfig + + + This file lists the server processes to run on the server machine, by defining which processes the BOS Server + monitors and what it does if the process fails. It also defines the times at which the BOS Server automatically + restarts processes for maintenance purposes. + + As you create server processes during a file server machine's installation, their entries are defined in this + file automatically. The OpenAFS Quick Beginnings outlines the bos commands to use. For a more complete description of the file, and instructions for + controlling process status by editing the file with commands from the bos suite, see + Monitoring and Controlling Server Processes. + + + NetInfo file (server version) + + + + files + + NetInfo (server version) + + + + + + NetInfo + + + This optional ASCII file lists one or more of the network interface addresses on the server machine. If it + exists when the File Server initializes, the File Server uses it as the basis for the list of interfaces that it + registers in its Volume Location Database (VLDB) server entry. See Managing Server IP + Addresses and VLDB Server Entries. + + + NetRestrict file (server version) + + + + files + + NetRestrict (server version) + + + + + + NetRestrict + + + This optional ASCII file lists one or more network interface addresses. If it exists when the File Server + initializes, the File Server removes the specified addresses from the list of interfaces that it registers in its VLDB + server entry. See Managing Server IP Addresses and VLDB Server Entries. + + + NoAuth file + + + + files + + NoAuth + + + + + + NoAuth + + + This zero-length file instructs all AFS server processes running on the machine not to perform authorization + checking. Thus, they perform any action for any user, even anonymous. This very + insecure state is useful only in rare instances, mainly during the installation of the machine. + + The file is created automatically when you start the initial bosserver process + with the -noauth flag, or issue the bos setauth + command to turn off authentication requirements. When you use the bos setauth command + to turn on authentication, the BOS Server removes this file. For more information, see Managing Authentication and Authorization Requirements. + + + SALVAGE.fs file + + + + files + + SALVAGE.fs + + + + + + SALVAGE.fs + + + This zero-length file controls how the BOS Server handles a crash of the File Server component of the fs process. The BOS Server creates this file each time it starts or restarts the fs process. If the file is present when the File Server crashes, then the BOS Server runs the + Salvager before restarting the File Server and Volume Server again. When the File Server exits normally, the BOS + Server removes the file so that the Salvager does not run. + + Do not create or remove this file yourself; the BOS Server does so automatically. If necessary, you can salvage + a volume or partition by using the bos salvage command; see Salvaging Volumes. + + + salvage.lock file + + + + files + + salvage.lock + + + + + + salvage.lock + + + This file guarantees that only one Salvager process runs on a file server machine at a time (the single process + can fork multiple subprocesses to salvage multiple partitions in parallel). As the Salvager initiates (when invoked by + the BOS Server or by issue of the bos salvage command), it creates this zero-length + file and issues the flock system call on it. It removes the file when it completes + the salvage operation. Because the Salvager must lock the file in order to run, only one Salvager can run at a + time. + + + sysid file + + + + files + + sysid + + + + File Server + + interfaces registered in VLDB + + listed in sysid file + + + + VLDB + + server machine interfaces registered + + listed in sysid file + + + + + + sysid + + + This file records the network interface addresses that the File Server (fileserver process) registers in its VLDB server entry. When the Cache Manager requests volume + location information, the Volume Location (VL) Server provides all of the interfaces registered for each server + machine that houses the volume. This enables the Cache Manager to make use of multiple addresses when accessing AFS + data stored on a multihomed file server machine. For further information, see Managing Server + IP Addresses and VLDB Server Entries. + + + + + + usr/afs/db directory on server machines + + contents listed + + + + directory + + /usr/afs/db on server machines + + + + database files + + + + replicated database files + + + + log files + + for replicated databases + + + + file server machine + + database files in /usr/afs/db + + + + + Replicated Database Files in the /usr/afs/db Directory + + The directory /usr/afs/db contains two types of files pertaining to the four replicated + databases in the cell--the Authentication Database, Backup Database, Protection Database, and Volume Location Database (VLDB): + + + A file that contains each database, with a .DB0 extension. + + + + A log file for each database, with a .DBSYS1 extension. The database server + process logs each database operation in this file before performing it. If the operation is interrupted, the process + consults this file to learn how to finish it. + + + + Each database server process (Authentication, Backup, Protection, or VL Server) maintains its own database and log + files. The database files are in binary format, so you must always access or alter them using commands from the kas suite (for the Authentication Database), backup suite (for the + Backup Database), pts suite (for the Protection Database), or vos suite (for the VLDB). + + If a cell runs more than one database server machine, each database server process keeps its own copy of its database on + its machine's hard disk. However, it is important that all the copies of a given database are the same. To synchronize them, + the database server processes call on AFS's distributed database technology, Ubik, as described in Replicating the OpenAFS Administrative Databases. + + The files listed here appear in this directory only on database server machines. On non-database server machines, this + directory is empty. + + files + + bdb.DB0 + + + + bdb.DB0 file + + + + bdb.DB0 + + + The Backup Database file. + + + files + + bdb.DBSYS1 + + + + bdb.DBSYS1 file + + + + + + bdb.DBSYS1 + + + The Backup Database log file. + + + files + + kaserver.DB0 + + + + kaserver.DB0 file + + + + + + kaserver.DB0 + + + The Authentication Database file. + + + files + + kaserver.DBSYS1 + + + + kaserver.DBSYS1 file + + + + + + kaserver.DBSYS1 + + + The Authentication Database log file. + + + files + + prdb.DB0 + + + + prdb.DB0 file + + + + + + prdb.DB0 + + + The Protection Database file. + + + files + + prdb.DBSYS1 + + + + prdb.DBSYS1 file + + + + + + prdb.DBSYS1 + + + The Protection Database log file. + + + files + + vldb.DB0 + + + + vldb.DB0 file + + + + + + vldb.DB0 + + + The Volume Location Database file. + + + files + + vldb.DBSYS1 + + + + vldb.DBSYS1 file + + + + + + vldb.DBSYS1 + + + The Volume Location Database log file. + + + + + + usr/afs/logs directory on server machines + + contents listed + + + + directory + + /usr/afs/logs on server machines + + + + file server machine + + core files in /usr/afs/logs + + + + file server machine + + log files in /usr/afs/logs + + + + log files + + for server processes + + + + core files + + for server processes + + + + + Log Files in the /usr/afs/logs Directory + + The /usr/afs/logs directory contains log files from various server processes. The files + detail interesting events that occur during normal operations. For instance, the Volume Server can record volume moves in the + VolserLog file. Events are recorded at completion, so the server processes do not use these + files to reconstruct failed operations unlike the ones in the /usr/afs/db directory. + + The information in log files can be very useful as you evaluate process failures and other problems. For instance, if + you receive a timeout message when you try to access a volume, checking the FileLog file + possibly provides an explanation, showing that the File Server was unable to attach the volume. To examine a log file + remotely, use the bos getlog command as described in Displaying + Server Process Log Files. + + This directory also contains the core image files generated if a process being monitored by the BOS Server crashes. The + BOS Server attempts to add an extension to the standard core name to indicate which process + generated the core file (for example, naming a core file generated by the Protection Server core.ptserver). The BOS Server cannot always assign the correct extension if two processes fail at + about the same time, so it is not guaranteed to be correct. + + The directory contains the following files: + + AuthLog file + + + + files + + AuthLog + + + + AuthLog + + + The Authentication Server's log file. + + + BackupLog file + + + + files + + BackupLog + + + + + + BackupLog + + + The Backup Server's log file. + + + BosLog file + + + + files + + BosLog + + + + + + BosLog + + + The BOS Server's log file. + + + files + + FileLog + + + + FileLog file + + + + + + FileLog + + + The File Server's log file. + + + files + + SalvageLog + + + + SalvageLog file + + + + + + SalvageLog + + + The Salvager's log file. + + + VLLog file + + + + files + + VLLog + + + + + + VLLog + + + The Volume Location (VL) Server's log file. + + + VolserLog file + + + + files + + VolserLog + + + + + + VolserLog + + + The Volume Server's log file. + + + + + core.process + + + If present, a core image file produced as an AFS server process on the machine crashed (probably the process + named by process). + + + + + + To prevent log files from growing unmanageably large, restart the server processes periodically, particularly the + database server processes. To avoid restarting the processes, use the UNIX rm command to + remove the file as the process runs; it re-creates it automatically. + + + + vicep directory on server machines + + contents listed + + + + directory + + /vicep on server machines + + + + volume header + + in /vicep directories + + + + partition + + housing AFS volumes + + + + file server machine + + partitions, naming + + + + + Volume Headers on Server Partitions + + A partition that houses AFS volumes must be mounted at a subdirectory of the machine's root ( / ) directory (not, for + instance under the /usr directory). The file server machine's file system registry file + (/etc/fstab or equivalent) must correctly map the directory name and the partition's device + name. The directory name is of the form /vicepindex, where each index is one or two lowercase + letters. By convention, the first AFS partition on a machine is mounted at /vicepa, the + second at /vicepb, and so on. If there are more than 26 partitions, continue with /vicepaa, /vicepab and so on. The OpenAFS Release + Notes specifies the number of supported partitions per server machine. + + Do not store non-AFS files on AFS partitions. The File Server and Volume Server expect to have available all of the + space on the partition. + + The /vicep directories contain two types of files: + + V.vol_ID.vol file + + + + files + + V.vol_ID.vol + + + + Vvol_ID.vol + + + Each such file is a volume header. The vol_ID corresponds to the volume ID number displayed in the output from + the vos examine, vos listvldb, and vos listvol commands. + + + FORCESALVAGE file + + + + files + + FORCESALVAGE + + + + + + FORCESALVAGE + + + This zero-length file triggers the Salvager to salvage the entire partition. The AFS-modified version of the + fsck program creates this file if it discovers corruption. + + + + + + For most system types, it is important never to run the standard fsck program + provided with the operating system on an AFS file server machine. It removes all AFS volume data from server partitions + because it does not recognize their format. + + + + roles for server machine + + + + server machine + + roles summarized + + + + + + The Four Roles for File Server Machines + + In cells that have more than one server machine, not all server machines have to perform exactly the same functions. The + are four possible roles a machine can assume, determined by which server processes it is running. A machine + can assume more than one role by running all of the relevant processes. The following list summarizes the four roles, which are + described more completely in subsequent sections. + + A simple file server machine runs only the processes that store and deliver AFS files to client + machines. You can run as many simple file server machines as you need to satisfy your cell's performance and disk space + requirements. + + + + A database server machine runs the four database server processes that maintain AFS's + replicated administrative databases: the Authentication, Backup, Protection, and Volume Location (VL) Server + processes. + + + + A binary distribution machine distributes the AFS server binaries for its system type to all + other server machines of that system type. + + + + The single system control machine distributes common server configuration files to all other + server machines in the cell, in a cell that runs the United States edition of AFS (cells that use the international + edition of AFS must not use the system control machine for this purpose). The machine conventionally also serves as the + time synchronization source for the cell, adjusting its clock according to a time source outside the cell. + + + + If a cell has a single server machine, it assumes the simple file server and database server roles. The instructions in + the OpenAFS Quick Beginnings also have you configure it as the system control machine and binary + distribution machine for its system type, but it does not actually perform those functions until you install another server + machine. + + It is best to keep the binaries for all of the AFS server processes in the /usr/afs/bin + directory, even if not all processes are running. You can then change which roles a machine assumes simply by starting or + stopping the processes that define the role. + + + simple file server machine + + + + server machine + + simple file server role + + + + Simple File Server Machines + + A simple file server machine runs only the server processes that store and deliver AFS files to + client machines, monitor process status, and pick up binaries and configuration files from the cell's binary distribution and + system control machines. + + In general, only cells with more than three server machines need to run simple file server machines. In cells with three + or fewer machines, all of them are usually database server machines (to benefit from replicating the administrative + databases); see Database Server Machines. + + The following processes run on a simple file server machine: + + The BOS Server (bosserver process) + + + + The fs process, which combines the File Server, Volume Server, and Salvager + processes so that they can coordinate their operations on the data in volumes and avoid the inconsistencies that can + result from multiple simultaneous operations on the same data + + + + The NTP coordinator (runntp process), which helps keep the machine's clock + synchronized with the clocks on the other server machines in the cell + + + + A client portion of the Update Server that picks up binary files from the binary distribution machine of its AFS + system type (the upclientbin process) + + + + A client portion of the Update Server that picks up common configuration files from the system control machine, in + cells running the United States edition of AFS (the upclientetc process) + + + + + database server machine + + defined + + + + server machine + + database server role + + + + Backup Server + + runs on database server machine + + + + Authentication Server + + runs on database server machine + + + + Protection Server + + runs on database server machine + + + + VL Server + + runs on database server machine + + + + + Database Server Machines + + A database server machine runs the four processes that maintain the AFS replicated administrative + databases: the Authentication Server, Backup Server, Protection Server, and Volume Location (VL) Server, which maintain the + Authentication Database, Backup Database, Protection Database, and Volume Location Database (VLDB), respectively. To review + the functions of these server processes and their databases, see AFS Server Processes and the Cache + Manager. + + If a cell has more than one server machine, it is best to run more than one database server machine, but more than three + are rarely necessary. Replicating the databases in this way yields the same benefits as replicating volumes: increased + availability and reliability of information. If one database server machine or process goes down, the information in the + database is still available from others. The load of requests for database information is spread across multiple machines, + preventing any one from becoming overloaded. + + Unlike replicated volumes, however, replicated databases do change frequently. Consistent system performance demands + that all copies of the database always be identical, so it is not possible to record changes in only some of them. To + synchronize the copies of a database, the database server processes use AFS's distributed database technology, Ubik. See Replicating the OpenAFS Administrative Databases. + + It is critical that the AFS server processes on every server machine in a cell know which machines are the database + server machines. The database server processes in particular must maintain constant contact with their peers in order to + coordinate the copies of the database. The other server processes often need information from the databases. Every file server + machine keeps a list of its cell's database server machines in its local /usr/afs/etc/CellServDB file. Cells that use the States edition of AFS can use the system control + machine to distribute this file (see The System Control Machine). + + The following processes define a database server machine: + + The Authentication Server (kaserver process) + + + + The Backup Server (buserver process) + + + + The Protection Server (ptserver process) + + + + The VL Server (vlserver process) + + + + Database server machines can also run the processes that define a simple file server machine, as listed in Simple File Server Machines. One database server machine can act as the cell's system control + machine, and any database server machine can serve as the binary distribution machine for its system type; see The System Control Machine and Binary Distribution Machines. + + + binary distribution machine + + defined + + + + server machine + + binary distribution role + + + + Update Server + + server portion + + on binary distribution machine + + + + Update Server + + client portion + + for binaries + + + + + Binary Distribution Machines + + A binary distribution machine stores and distributes the binary files for the AFS processes and + command suites to all other server machines of its system type. Each file server machine keeps its own copy of AFS server + process binaries on its local disk, by convention in the /usr/afs/bin directory. For + consistent system performance, however, all server machines must run the same version (build level) of a process. For + instructions for checking a binary's build level, see Displaying A Binary File's Build Level. + The easiest way to keep the binaries consistent is to have a binary distribution machine of each system type distribute them + to its system-type peers. + + The process that defines a binary distribution machine is the server portion of the Update Server (upserver process). The client portion of the Update Server (upclientbin process) runs on the other server machines of that system type and references the binary + distribution machine. + + Binary distribution machines usually also run the processes that define a simple file server machine, as listed in Simple File Server Machines. One binary distribution machine can act as the cell's system control + machine, and any binary distribution machine can serve as a database server machine; see The System + Control Machine and Database Server Machines. + + + system control machine + + + + configuration files + + server machine, common + + + + server machine + + system control role + + + + + The System Control Machine + + In cells that run the United States edition of AFS, the system control machine stores and + distributes system configuration files shared by all of the server machines in the cell. Each file server machine keeps its + own copy of the configuration files on its local disk, by convention in the /usr/afs/etc + directory. For consistent system performance, however, all server machines must use the same files. The easiest way to keep + the files consistent is to have the system control machine distribute them. You make changes only to the copy stored on the + system control machine, as directed by the instructions in this document. The United States edition of AFS is available to + cells in the United States and Canada and to selected institutions in other countries, as determined by United States + government regulations. + + Cells that run the international version of AFS do not use the system control machine to distribute system configuration + files. Some of the files contain information that is too sensitive to cross the network unencrypted, and United States + government regulations forbid the export of the necessary encryption routines in the form that the Update Server uses. You + must instead update the configuration files on each file server machine individually. The bos + commands that you use to update the files encrypt the information using an exportable form of the encryption routines. + + For a list of the configuration files stored in the /usr/afs/etc directory, see Common Configuration Files in the /usr/afs/etc Directory. + + The OpenAFS Quick Beginnings configures a cell's first server machine as the system control + machine. If you wish, you can reassign the role to a different machine that you install later, but you must then change the + client portion of the Update Server (upclientetc) process running on all other server + machines to refer to the new system control machine. + + The following processes define the system control machine: + + Update Server + + server portion + + on system control machine + + + + Update Server + + client portion + + for configuration files + + + + The server portion of the Update Server (upserver) process, in cells using the + United States edition of AFS. The client portion of the Update Server (upclientetc + process) runs on the other server machines and references the system control machine. + + + + The NTP coordinator (runntp process) which points to a time source outside the + cell, if the cell uses NTPD to synchronize its clocks. The runntp process on other + machines reference the system control machine as their main time source. + + + + The system control machine can also run the processes that define a simple file server machine, as listed in Simple File Server Machines. It can also server as a database server machine, and by convention acts + as the binary distribution machine for its system type. A single upserver process can + distribute both configuration files and binaries. See Database Server Machines and Binary Distribution Machines. + + + determining + + roles taken by server machine + + + + identifying + + roles taken by server machine + + + + server machine + + determining roles + + + + roles for server machine + + determining + + + + database server machine + + identifying with bos status + + + + determining + + identity of database server machines + + + + identifying + + database server machine + + + + + To locate database server machines + + + + Issue the bos listhosts command. + % bos listhosts <machine name> + + + The machines listed in the output are the cell's database server machines. For complete instructions and example + output, see To display a cell's database server machines. + + + + (Optional) Issue the bos status command to verify + that a machine listed in the output of the bos listhosts command is actually running the + processes that define it as a database server machine. For complete instructions, see Displaying + Process Status and Information from the BosConfig File. + % bos status <machine name> buserver kaserver ptserver vlserver + + + If the specified machine is a database server machine, the output from the bos + status command includes the following lines: + + + Instance buserver, currently running normally. + Instance kaserver, currently running normally. + Instance ptserver, currently running normally. + Instance vlserver, currently running normally. + + + + + + system control machine + + identifying with bos status + + + + determining + + identity of system control machine + + + + identifying + + system control machine + + + + + To locate the system control machine + + + + Issue the bos status command for any server machine. Complete instructions appear + in Displaying Process Status and Information from the BosConfig File. + % bos status <machine name> upserver upclientbin upclientetc -long + + + The output you see depends on the machine you have contacted: a simple file server machine, the system control + machine, or a binary distribution machine. See Interpreting the Output from the bos status + Command. + + + + + binary distribution machine + + identifying with bos status + + + + determining + + identity of binary distribution machine + + + + identifying + + binary distribution machine + + + + + To locate the binary distribution machine for a system type + + + + Issue the bos status command for a file server machine of the system type you are + checking (to determine a machine's system type, issue the fs sysname or sys command as described in Displaying and Setting the System Type + Name. Complete instructions for the bos status command appear in Displaying Process Status and Information from the BosConfig File. + % bos status <machine name> upserver upclientbin upclientetc -long + + + The output you see depends on the machine you have contacted: a simple file server machine, the system control + machine, or a binary distribution machine. See Interpreting the Output from the bos status + Command. + + + + + simple file server machine + + identifying with bos status + + + + determining + + identity of: + + simple file server machines + + + + identifying + + simple file server machine + + + + + Interpreting the Output from the bos status Command + + Interpreting the output of the bos status command is most straightforward for a simple + file server machine. There is no upserver process, so the output includes the following + message: + + + bos: failed to get instance info for 'upserver' (no such entity) + + + A simple file server machine runs the upclientbin process, so the output includes a + message like the following. It indicates that fs7.abc.com is the binary distribution machine + for this system type. + + + Instance upclientbin, (type is simple) currently running normally. + Process last started at Wed Mar 10 23:37:09 1999 (1 proc start) + Command 1 is '/usr/afs/bin/upclient fs7.abc.com -t 60 /usr/afs/bin' + + + If you run the United States edition of AFS, a simple file server machine also runs the upclientetc process, so the output includes a message like the following. It indicates that fs1.abc.com is the system control machine. + + + Instance upclientetc, (type is simple) currently running normally. + Process last started at Mon Mar 22 05:23:49 1999 (1 proc start) + Command 1 is '/usr/afs/bin/upclient fs1.abc.com -t 60 /usr/afs/etc' + + + + The Output on the System Control Machine + + If you run the United States edition of AFS and have issued the bos status command + for the system control machine, the output includes an entry for the upserver process + similar to the following: + + + Instance upserver, (type is simple) currently running normally. + Process last started at Mon Mar 22 05:23:54 1999 (1 proc start) + Command 1 is '/usr/afs/bin/upserver' + + + If you are using the default configuration recommended in the OpenAFS Quick Beginnings, the + system control machine is also the binary distribution machine for its system type, and a single upserver process distributes both kinds of updates. In that case, the output includes the following + messages: + + + bos: failed to get instance info for 'upclientbin' (no such entity) + bos: failed to get instance info for 'upclientetc' (no such entity) + + + If the system control machine is not a binary distribution machine, the output includes an error message for the + upclientetc process, but a complete a listing for the upclientbin process (in this case it refers to the machine fs5.abc.com as the binary distribution machine): + + + Instance upclientbin, (type is simple) currently running normally. + Process last started at Mon Mar 22 05:23:49 1999 (1 proc start) + Command 1 is '/usr/afs/bin/upclient fs5.abc.com -t 60 /usr/afs/bin' + bos: failed to get instance info for 'upclientetc' (no such entity) + + + + + The Output on a Binary Distribution Machine + + If you have issued the bos status command for a binary distribution machine, the + output includes an entry for the upserver process similar to the following and error + message for the upclientbin process: + + + Instance upserver, (type is simple) currently running normally. + Process last started at Mon Apr 5 05:23:54 1999 (1 proc start) + Command 1 is '/usr/afs/bin/upserver' + bos: failed to get instance info for 'upclientbin' (no such entity) + + + Unless this machine also happens to be the system control machine, a message like the following references the system + control machine (in this case, fs3.abc.com): + + + Instance upclientetc, (type is simple) currently running normally. + Process last started at Mon Apr 5 05:23:49 1999 (1 proc start) + Command 1 is '/usr/afs/bin/upclient fs3.abc.com -t 60 /usr/afs/etc' + + + + + + + Administering Database Server Machines + + This section explains how to administer database server machines. For installation instructions, see the OpenAFS + Quick Beginnings. + + + distribution + + of databases + + + + database, distributed + + + + administrative database + + + + distributed database + + + + administrative database + + + + administrative database + + about replicating + + + + database server machine + + maintaining + + + + Ubik + + operation described + + + + synchronization site (Ubik) + + defined + + + + secondary site (Ubik) + + + + coordinator (Ubik) + + defined + + + + Ubik + + automatic updates + + + + automatic + + update to admin. databases by Ubik + + + + Replicating the OpenAFS Administrative Databases + + There are several benefits to replicating the AFS administrative databases (the Authentication, Backup, Protection, and + Volume Location Databases), as discussed in Replicating the OpenAFS Administrative Databases. For + correct cell functioning, the copies of each database must be identical at all times. To keep the databases synchronized, AFS + uses library of utilities called Ubik. Each database server process runs an associated lightweight Ubik + process, and client-side programs call Ubik's client-side subroutines when they submit requests to read and change the + databases. + + Ubik is designed to work with minimal administrator intervention, but there are several configuration requirements, as + detailed in Configuring the Cell for Proper Ubik Operation. The following brief overview of + Ubik's operation is helpful for understanding the requirements. For more details, see How Ubik + Operates Automatically. + + Ubik is designed to distribute changes made in an AFS administrative database to all copies as quickly as possible. Only + one copy of the database, the synchronization site, accepts change requests from clients; the lightweight + Ubik process running there is the Ubik coordinator. To maintain maximum availability, there is a separate + Ubik coordinator for each database, and the synchronization site for each of the four databases can be on a different machine. + The synchronization site for a database can also move from machine to machine in response to process, machine, or network + outages. + + The other copies of a database, and the Ubik processes that maintain them, are termed secondary. + The secondary sites do not accept database changes directly from client-side programs, but only from the synchronization + site. + + After the Ubik coordinator records a change in its copy of a database, it immediately sends the change to the secondary + sites. During the brief distribution period, clients cannot access any of the copies of the database, even for reading. If the + coordinator cannot reach a majority of the secondary sites, it halts the distribution and informs the client that the + attempted change failed. + + To avoid distribution failures, the Ubik processes maintain constant contact by exchanging time-stamped messages. As + long as a majority of the secondary sites respond to the coordinator's messages, there is a quorum of + sites that are synchronized with the coordinator. If a process, machine, or network outage breaks the quorum, the Ubik + processes attempt to elect a new coordinator in order to establish a new quorum among the highest possible number of sites. + See A Flexible Coordinator Boosts Availability. + + + Ubik + + requirements summarized + + + + database server process + + need to run all on every database server machine + + + + CellServDB file (server) + + importance to Ubik operation + + + + Configuring the Cell for Proper Ubik Operation + + This section describes how to configure your cell to maintain proper Ubik operation. + + Run all four database server processes--Authentication Server, Backup Server, Protection Server, and VL + Server--on all database server machines. + + Both the client and server portions of Ubik expect that all the database server machines listed in the CellServDB file are running all of the database server processes. There is no mechanism for + indicating that only some database server processes are running on a machine. + + + + Maintain correct information in the /usr/afs/etc/CellServDB file at all + times. + + Ubik consults the /usr/afs/etc/CellServDB file to determine the sites with + which to establish and maintain a quorum. Incorrect information can result in unsynchronized databases or election of + a coordinator in each of several subgroups of machines, because the Ubik processes on various machines do not agree on + which machines need to participate in the quorum. + + If you run the United States version of AFS and use the Update Server, it is simplest to maintain the /usr/afs/etc/CellServDB file on the system control machine, which distributes its copy to all + other server machines. The OpenAFS Quick Beginnings explains how to configure the Update Server. + If you run the international version of AFS, you must update the file on each machine individually. + + The only reason to alter the file is when configuring or decommissioning a database server machine. Use the + appropriate bos commands rather than editing the file by hand. For instructions, see + Maintaining the Server CellServDB File. The instructions in Monitoring and Controlling Server Processes for stopping and starting processes remind you + to alter the CellServDB file when appropriate, as do the instructions in the + OpenAFS Quick Beginnings for installing or decommissioning a database server machine. + + (Client processes and the server processes that do not maintain databases also rely on correct information in + the CellServDB file for proper operation, but their use of the information does not + affect Ubik's operation. See Maintaining the Server CellServDB File and Maintaining Knowledge of Database Server Machines.) + + + clocks + + need to synchronize for Ubik + + + + + Keep the clocks synchronized on all machines in the cell, especially the database server machines. + + In the conventional configuration specified in the OpenAFS Quick Beginnings, you run the + runntp process to supervise the local Network Time Protocol Daemon (NTPD) on every + AFS server machine. The NTPD on the system control machine synchronizes its clock with a reliable source outside the + cell and broadcasts the time to the NTPDs on the other server machines. You can choose to run a different time + synchronization protocol if you wish. + + Keeping clocks synchronized is important because the Ubik processes at a database's sites timestamp the messages + which they exchange to maintain constant contact. Timestamping the messages is necessary because in a networked + environment it is not safe to assume that a message reaches its destination instantly. Ubik compares the timestamp on + an incoming message with the current time. If the difference is too great, it is possible that an outage is preventing + reliable communication between the Ubik sites, which can possibly result in unsynchronized databases. Ubik considers + the message invalid, which can prompt it to attempt election of a different coordinator. + + Electing a new coordinator is appropriate if a timestamped message is expired due to actual interruption of + communication, but not if a message appears expired only because the sender and recipient do not share the same time. + For detailed examples of how unsynchronized clocks can destabilize Ubik operation, see How + Ubik Uses Timestamped Messages. + + + + + Ubik + + features summarized + + + + process + + lightweight Ubik + + + + Ubik + + server and client portions + + + + + How Ubik Operates Automatically + + The following Ubik features help keep its maintenance requirements to a minimum: + + Ubik's server and client portions operate automatically. + + Each database server process runs a lightweight process to call on the server portion of the Ubik library. It is + common to refer to this lightweight process itself as Ubik. Because it is lightweight, the Ubik process does not + appear in process listings such as those generated by the UNIX ps command. + Client-side programs that need to read and change the databases directly call the subroutines in the Ubik library's + client portion, rather than running a separate lightweight process. Examples of such programs are the klog command and the commands in the pts suite. + + + + Ubik tracks database version numbers. + + As the coordinator records a change to a database, it increments the database's version number. The version + number makes it easy for the coordinator to determine if a site has the most recent version or not. The version number + speeds the return to normal functioning after election of a new coordinator or when communication is restored after an + outage, because it makes it easy to determine which site has the most current database and which need to be + updated. + + + + Ubik's use of timestamped messages guarantees that database copies are always synchronized during normal + operation. + + Replicating a database to increase data availability is pointless if all copies of the database are not the + same. Inconsistent performance can result if clients receive different information depending on which copy of the + database they access. As previously noted, Ubik sites constantly track the status of their peers by exchanging + timestamped messages. For a detailed description, see How Ubik Uses Timestamped + Messages. + + + + The ability to move the coordinator maximizes database availability. + + Suppose, for example, that in a cell with three database server machines a network partition separates the two + secondary sites from the coordinator. The coordinator retires because it is no longer in contact with a majority of + the sites listed in the CellServDB file. The two sites on the other side of the + partition can elect a new coordinator among themselves, and it can then accept database changes from clients. If the + coordinator cannot move in this way, the database has to be read-only until the network partition is repaired. For a + detailed description of Ubik's election procedure, see A Flexible Coordinator Boosts + Availability. + + + + + consistency guarantees + + administrative databases + + + + Ubik + + consistency guarantees + + + + How Ubik Uses Timestamped Messages + + Ubik synchronizes the copies of a database by maintaining constant contact between the synchronization site and the + secondary sites. The Ubik coordinator frequently sends a time-stamped guarantee message to each of + the secondary sites. When the secondary site receives the message, it concludes that it is in contact with the + coordinator. It considers its copy of the database to be valid until time T, which is usually 60 + seconds from the time the coordinator sent the message. In response, the secondary site returns a + vote message that acknowledges the coordinator as valid until a certain time X, which is usually 120 + seconds in the future. + + The coordinator sends guarantee messages more frequently than every T seconds, so that the + expiration periods overlap. There is no danger of expiration unless a network partition or other outage actually + interrupts communication. If the guarantee expires, the secondary site's copy of the database it not necessarily current. + Nonetheless, the database server continues to service client requests. It is considered better for overall cell + functioning that a secondary site remains accessible even if the information it is distributing is possibly out of date. + Most of the AFS administrative databases do not change that frequently, in any case, and making a database inaccessible + causes a timeout for clients that happen to access that copy. + + As previously mentioned, Ubik's use of timestamped messages makes it vital to synchronize the clocks on database + server machines. There are two ways that skewed clocks can interrupt normal Ubik functioning, depending on which clock is + ahead of the others. + + Suppose, for example, that the Ubik coordinator's clock is ahead of the secondary sites: the coordinator's clock + says 9:35:30, but the secondary clocks say 9:31:30. The secondary sites send votes messages that acknowledge the + coordinator as valid until 9:33:30. This is two minutes in the future according to the secondary clocks, but is already in + the past from the coordinator's perspective. The coordinator concludes that it no longer has enough support to remain + coordinator and forces election of a new coordinator. Election takes about three minutes, during which time no copy of the + database accepts changes. + + The opposite possibility is that a secondary site's clock (14:50:00) is ahead of the coordinator's (14:46:30). When + the coordinator sends a guarantee message good until 14:47:30), it has already expired according to the secondary clock. + Believing that it is out of contact with the coordinator, the secondary site stops sending votes for the coordinator and + tries get itself elected as coordinator. This is appropriate if the coordinator has actually failed, but is inappropriate + when there is no actual outage. + + The attempt of a single secondary site to get elected as the new coordinator usually does not affect the performance + of the other sites. As long as their clocks agree with the coordinator's, they ignore the other secondary site's request + for votes and continue voting for the current coordinator. However, if enough of the secondary sites's clocks get ahead of + the coordinator's, they can force election of a new coordinator even though the current one is actually working + fine. + + + Ubik + + election of coordinator + + + + coordinator (Ubik) + + election procedure described + + + + election of Ubik coordinator + + + + flexible synchronization site (Ubik) + + + + synchronization site (Ubik) + + flexibility + + + + Ubik + + majority defined + + + + majority + + defined for Ubik + + + + outages + + due to Ubik election + + + + system outages + + due to Ubik election + + + + + A Flexible Coordinator Boosts Availability + + Ubik uses timestamped messages to determine when coordinator election is necessary, just as it does to keep the + database copies synchronized. As long as the coordinator receives vote messages from a majority of the sites (it + implicitly votes for itself), it is appropriate for it to continue as coordinator because it is successfully distributing + database changes. A majority is defined as more than 50% of all database sites when there are an odd number of sites; with + an even number of sites, the site with the lowest Internet address has an extra vote for breaking ties as necessary.If the + coordinator is not receiving sufficient votes, it retires and the Ubik sites elect a new coordinator. This does not happen + spontaneously, but only when the coordinator really fails or stops receiving a majority of the votes. The secondary sites + have a built-in bias to continue voting for an existing coordinator, which prevents undue elections. + + The election of the new coordinator is by majority vote. The Ubik subprocesses have a bias to vote for the site with + the lowest Internet address, which helps it gather the necessary majority quicker than if all the sites were competing to + receive votes themselves. During the election (which normally lasts less than three minutes), clients can read information + from the database, but cannot make any changes. + + Ubik's election procedure makes it possible for each database server process's coordinator to be on a different + machine. For example, if the Ubik coordinators for all four processes start out on machine A and the Protection Server on + machine A fails for some reason, then a different site (say machine B) must be elected as the new Protection Database Ubik + coordinator. Machine B remains the coordinator for the Protection Database even after the Protection Server on machine A + is working again. The failure of the Protection Server has no effect on the Authentication, Backup, or VL Servers, so + their coordinators remain on machine A. + + + + + + Backing Up and Restoring the Administrative Databases + + The AFS administrative databases store information that is critical for AFS operation in your cell. If a database + becomes corrupted due to a hardware failure or other problem on a database server machine, it likely to be difficult and + time-consuming to recreate all of the information from scratch. To protect yourself against loss of data, back up the + administrative databases to a permanent media, such as tape, on a regular basis. The recommended method is to use a standard + local disk backup utility such as the UNIX tar command. + + When deciding how often to back up a database, consider the amount of data that you are willing to recreate by hand if + it becomes necessary to restore the database from a backup copy. In most cells, the databases differ quite a bit in how often + and how much they change. Changes to the Authentication Database are probably the least frequent, and consist mostly of + changed user passwords. Protection Database and VLDB changes are probably more frequent, as users add or delete groups and + change group memberships, and as you and other administrators create or move volumes. The number and frequency of changes is + probably greatest in the Backup Database, particularly if you perform backups every day. + + The ease with which you can recapture lost changes also differs for the different databases: + + If regular users make a large proportion of the changes to the Authentication Database and Protection Database in + your cell, then recovering them possibly requires a large amount of detective work and interviewing of users, assuming + that they can even remember what changes they made at what time. + + + + Recovering lost changes to the VLDB is more straightforward, because you can use the vos + syncserv and vos syncvldb commands to correct any discrepancies between the + VLDB and the actual state of volumes on server machines. Running these commands can be time-consuming, however. + + + + The configuration information in the Backup Database (Tape Coordinator port offsets, volume sets and entries, the + dump hierarchy, and so on) probably does not change that often, in which case it is not that hard to recover a few + recent changes. In contrast, there are likely to be a large number of new dump records resulting from dump operations. + You can recover these records by using the -dbadd argument to the backup scantape command, reading in information from the backup tapes themselves. This can take a + long time and require numerous tape changes, however, depending on how much data you back up in your cell and how you + append dumps. Furthermore, the backup scantape command is subject to several + restrictions. The most basic is that it halts if it finds that an existing dump record in the database has the same dump + ID number as a dump on the tape it is scanning. If you want to continue with the scanning operation, you must locate and + remove the existing record from the database. For further discussion, see the backup + scantape command's reference page in the OpenAFS Administration Reference. + + + + These differences between the databases possibly suggest backing up the database at different frequencies, ranging from + every few days or weekly for the Backup Database to every few weeks for the Authentication Database. On the other hand, it is + probably simpler from a logistical standpoint to back them all up at the same time (and frequently), particularly if tape + consumption is not a major concern. Also, it is not generally necessary to keep backup copies of the databases for a long + time, so you can recycle the tapes fairly frequently. + + + administrative database + + backing up + + + + backing up + + administrative databases + + + + + To back up the administrative databases + + + + Log in as the local superuser root on a database server machine that is not the + synchronization site. The machine with the highest IP address is normally the best choice, since it is least likely to + become the synchronization site in an election. + + + + Issue the bos shutdown command to shut down the + relevant server process on the local machine. For a complete description of the command, see To + stop processes temporarily. + + For the -instance argument, specify one or more database server process names + (buserver for the Backup Server, kaserver for the + Authentication Server, ptserver for the Protection Server, or vlserver for the Volume Location Server. Include the -localauth + flag because you are logged in as the local superuser root but do not necessarily have + administrative tokens. + + + # bos shutdown <machine name> -instance <instances>+ -localauth [-wait] + + + + + Use a local disk backup utility, such as the UNIX tar command, to transfer one or + more database files to tape. If the local database server machine does not have a tape device attached, use a remote copy + command to transfer the file to a machine with a tape device, then use the tar command + there. + + The following command sequence backs up the complete contents of the /usr/afs/db + directory + + + # cd /usr/afs/db + # tar cvf tape_device . + + + To back up individual database files, substitute their names for the period in the preceding tar command: + + bdb.DB0 for the Backup Database + + + + kaserver.DB0 for the Authentication Database + + + + prdb.DB0 for the Protection Database + + + + vldb.DB0 for the VLDB + + + + + + Issue the bos start command to restart the server processes on the local machine. + For a complete description of the command, see To start processes by changing their status flags + to Run. Provide the same values for the -instance argument as in Step 2, and the -localauth flag for the same reason. + + # bos start <machine name> -instance <server process name>+ -localauth + + + + + + administrative database + + restoring + + + + restoring + + administrative databases + + + + + To restore an administrative database + + + + Log in as the local superuser root on each database server machine in the + cell. + + + + Working on one of the machines, issue the bos + shutdown command once for each database server machine, to shut down the relevant server process on all of + them. For a complete description of the command, see To stop processes temporarily. + + For the -instance argument, specify one or more database server process names + (buserver for the Backup Server, kaserver for the + Authentication Server, ptserver for the Protection Server, or vlserver for the Volume Location Server. Include the -localauth + flag because you are logged in as the local superuser root but do not necessarily have + administrative tokens. + + + # bos shutdown <machine name> -instance <instances>+ -localauth [-wait] + + + + + Remove the database from each database server machine, by issuing the following commands on each one. + + # cd /usr/afs/db + + + For the Backup Database: + + + # rm bdb.DB0 + # rm bdb.DBSYS1 + + + For the Authentication Database: + + + # rm kaserver.DB0 + # rm kaserver.DBSYS1 + + + For the Protection Database: + + + # rm prdb.DB0 + # rm prdb.DBSYS1 + + + For the VLDB: + + + # rm vldb.DB0 + # rm vldb.DBSYS1 + + + + + Using the local disk backup utility that you used to back up the database, copy the most recently backed-up version + of it to the appropriate file on the database server machine with the lowest IP address. The following is an appropriate + tar command if the synchronization site has a tape device attached: + # cd /usr/afs/db + # tar xvf tape_device database_file + + + where database_file is one of the following: + + bdb.DB0 for the Backup Database + + + + kaserver.DB0 for the Authentication Database + + + + prdb.DB0 for the Protection Database + + + + vldb.DB0 for the VLDB + + + + + + Working on one of the machines, issue the bos start command to restart the server + process on each of the database server machines in turn. Start with the machine with the lowest IP address, which becomes + the synchronization site for the Backup Database. Wait for it to establish itself as the synchronization site before + repeating the command to restart the process on the other database server machines. For a complete description of the + command, see To start processes by changing their status flags to Run. Provide the same + values for the -instance argument as in Step 2, + and the -localauth flag for the same reason. + # bos start <machine name> -instance <server process name>+ -localauth + + + + + If the database has changed since you last backed it up, issue the appropriate commands from the instructions in the + indicated sections to recreate the information in the restored database. If issuing pts + commands, you must first obtain administrative tokens. The backup and vos commands accept the -localauth flag if you are logged in as + the local superuser root, so you do not need administrative tokens. The Authentication + Server always performs a separate authentication anyway, so you only need to include the -admin argument if issuing kas commands. + + To define or remove volume sets and volume entries in the Backup Database, see Defining and Displaying Volume Sets and Volume Entries. + + + + To edit the dump hierarchy in the Backup Database, see Defining and Displaying the + Dump Hierarchy. + + + + To define or remove Tape Coordinator port offset entries in the Backup Database, see Configuring Tape Coordinator Machines and Tape Devices. + + + + To restore dump records in the Backup Database, see To scan the contents of a + tape. + + + + To recreate Authentication Database entries or password changes for users, see the appropriate section of + Administering User Accounts. + + + + To recreate Protection Database entries or group membership information, see the appropriate section of Administering the Protection Database. + + + + To synchronize the VLDB with volume headers, see Synchronizing the VLDB and Volume + Headers. + + + + + + + installing + + server process binaries, about + + + + server process binaries + + installing + + + + BOS Server + + maintainer of server process binaries + + + + server process + + binaries + + server process binaries + + + + directories (server) + + /usr/afs/bin + + + + server machine + + need for consistent version of software + + + + + + Installing Server Process Software + + This section explains how to install new server process binaries on file server machines, how to revert to a previous + version if the current version is not working properly, and how to install new disks to house AFS volumes on a file server + machine. + + The most frequent reason to replace a server process's binaries is to upgrade AFS to a new version. In general, + installation instructions accompany the updated software, but this chapter provides an additional reference. + + Each AFS server machine must store the server process binaries in a local disk directory, called /usr/afs/bin by convention. For predictable system performance, it is best that all server machines run + the same build level, or at least the same version, of the server software. For instructions on checking AFS build level, see + Displaying A Binary File's Build Level. + + The Update Server makes it easy to distribute a consistent version of software to all server machines. You designate one + server machine of each system type as the binary distribution machine by running the server portion of the + Update Server (upserver process) on it. All other server machines of that system type run the + client portion of the Update Server (upclientbin process) to retrieve updated software from the + binary distribution machine. The OpenAFS Quick Beginnings explains how to install the appropriate + processes. For more on binary distribution machines, see Binary Distribution Machines. + + When you use the Update Server, you install new binaries on binary distribution machines only. If you install binaries + directly on a machine that is running the upclientbin process, they are overwritten the next + time the process compares the contents of the local /usr/afs/bin directory to the contents on + the system control machine, by default within five minutes. + + The following instructions explain how to use the appropriate commands from the bos suite + to install and uninstall server binaries. + + + installing + + server binaries + + + + server process binaries + + installing + + + + command suite + + binaries + + installing + + + + file server machine + + installing command and process binaries + + + + server process + + restarting for changed binaries + + + + Installing New Binaries + + An AFS server process does not automatically switch to a new process binary file as soon as it is installed in the + /usr/afs/bin directory. The process continues to use the previous version of the binary file + until it (the process) next restarts. By default, the BOS Server restarts processes for which there are new binary files every + day at 5:00 a.m., as specified in the /usr/afs/local/BosConfig file. To display or change + this binary restart time, use the bos getrestart and bos setrestart commands, as described in Setting the BOS Server's Restart + Times. + + You can force the server machine to start using new server process binaries immediately by issuing the bos restart command as described in the following instructions. + + You do not need to restart processes when you install new command suite binaries. The new binary is invoked + automatically the next time a command from the suite is issued. + + + file extension + + .BAK + + + + file extension + + .OLD + + + + BAK version of binary file + + created by bos install command + + + + OLD version of binary file + + created by bos install command + + + + saving + + previous version of server binaries + + + When you use the bos install command, the BOS Server automatically saves the current + version of a binary file by adding a .BAK extension to its name. It renames the current + .BAK version, if any, to the .OLD version, if there is no + .OLD version already. If there is a current .OLD version, + the current .BAK version must be at least seven days old to replace it. + + It is best to store AFS binaries in the /usr/afs/bin directory, because that is the + only directory the BOS Server automatically checks for new binaries. You can, however, use the bos + install command's -dir argument to install non-AFS binaries into other directories + on a server machine's local disk. See the command's reference page in the OpenAFS Administration + Reference for further information. + + + bos commands + + install + + + + commands + + bos install + + + + + To install new server binaries + + + + Verify that you are listed in the /usr/afs/etc/UserList file. If necessary, issue + the bos listusers command, which is fully described in To + display the users in the UserList file. + % bos listusers <machine name> + + + + + Verify that the binaries are available in the source directory from which you are installing them. If the machine is + also an AFS client, you can retrieve the binaries from a central directory in AFS. Otherwise, you can obtain them directly + from the AFS distribution media, from a local disk directory where you previously installed them, or from a remote machine + using a transfer utility such as the ftp command. + + + + Issue the bos install command for the binary distribution + machine. (If you have forgotten which machine is performing that role, see To locate the binary + distribution machine for a system type.) + % bos install <