NRL CCS Research Group

AFS Commands


From a user perspective, AFS consists of volumes and directory access control lists (acls). Volumes are chunks of disk space containing files and directories. User home directories are volumes named user.username and located at /afs/cmf/users/username. AFS access control is done at the directory level, not at the file level: the acl on a directory governs every file in it. This is an important concept to understand.

File and Directory Permissions

Access to a directory, and subsequently its files, is controlled by the directory acl. To examine a directory acl, run fs listacl directoryname or fs acl.

> fs listacl .
Access list for . is
Normal rights:
  system:anyuser rl
  yourusername rlidwka

There are two entries in this acl, one for system:anyuser, which we will come to in a minute, and one for you. The second half of this entry details the rights you have for your home directory. They are:

r READ read any file in the directory
l LOOKUP allows 'ls' command
i INSERT add new files and subdirectories to the directory
d DELETE remove files and subdirectories from the directory
w WRITE modify the contents of files in the directory
k LOCK run programs that need to 'flock' files in the directory
a ADMINISTRATE may change the acl for the directory


Changing a directory acl is done by the fs setacl command. New directories inherit the acl of their parent directory.

prompt> fs setacl . myfriend write
prompt> fs listacl
Access list for . is
Normal rights:
  system:anyuser rl
  myfriend rlidwk
  yourusername rlidwka

'write' is shorthand for 'rlidwk'

'read' is shorthand for 'rl'.

An acl entry can also be a user group. A group entry will show the owner of the group followed by a colon and the name of the group. There are three global acl groups: system:anyuser, system:authuser, and system:administrators. The group system:anyuser consists of anyone on any AFS client anywhere in the world (this is literally the entire world, as AFS is truly global!). The group system:authuser consists of any user with a token for your cell. system:administrators is AFS's equivalent to the UNIX root account.
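As an added example (not part of the original NRL page), the shell function below reads fs listacl output on stdin and flags rights granted to the two world-wide groups described above, system:anyuser and system:authuser. The function name audit_acl, the HIGH/INFO labels and both sample listings are constructed for illustration; the "Negative rights:" section it skips is one that fs listacl prints when a directory has negative entries.

```shell
#!/bin/sh
# Added example: flag acl entries that expose a directory to broad AFS groups.
# Real use (assumption: run on an AFS client):  fs listacl somedir | audit_acl

# Prints one finding per line: "<label> <group> <rights>"
#   HIGH = the group can insert, delete, write, lock or administer (i d w k a)
#   INFO = the group can read every file in the directory (r)
audit_acl() {
    awk '
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }  # denials, not grants
        section == "normal" && NF == 2 {
            who = $1; rights = $2
            if (who != "system:anyuser" && who != "system:authuser") next
            if (rights ~ /[idwka]/) print "HIGH", who, rights
            else if (rights ~ /r/)  print "INFO", who, rights
        }
    '
}

# Constructed sample: the listing shown on this page after
# "fs setacl . myfriend write".
SAMPLE_PAGE='Access list for . is
Normal rights:
  system:anyuser rl
  myfriend rlidwk
  yourusername rlidwka'

# Constructed sample: a directory where system:anyuser was given "write"
# by mistake, plus a negative entry that must not be reported as a grant.
SAMPLE_OPEN='Access list for . is
Normal rights:
  system:anyuser rlidwk
  yourusername rlidwka
Negative rights:
  system:authuser w'

echo "page listing:"
printf '%s\n' "$SAMPLE_PAGE" | audit_acl
echo "over-permissive listing:"
printf '%s\n' "$SAMPLE_OPEN" | audit_acl
```

Because new directories inherit the acl of their parent, a HIGH finding on a parent directory is worth checking on each subdirectory created after the grant was made.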

You can use the pts suite of commands to create, list and manage groups. Run pts help for a list of subcommands.

Quotas

There is a quota associated with AFS volumes. To check your quota, cd to your home directory and run fs listquota (or fs lq for short).

fs listquota
Volume Name          Quota    Used   % Used   Partition
user.yourusername    50000    1452       2%         86%

In this example, the volume quota is set to 50000 Kbytes (~50Meg). Only 1452 Kbytes, or 2% of the 50Meg quota, has been used. The disk partition on which your volume (and lots of other volumes) resides is 86% full. If you go over your quota, or if the partition on which your volume resides fills up, you will be unable to store files in your volume.

Resources for Additional Information about AFS


Send comments or questions to ccshelp@nrl.navy.mil
