Techy Information - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Techy Information

Description:

1984 - Developed at CMU as part of Project Andrew ... Some machines are: arsenic, antimony, oxygen, hydrogen, nitrogen, selenium. Solaris 9 machines ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 19
Provided by: netwo3
Category:

less

Transcript and Presenter's Notes

Title: Techy Information


1
Techy Information
  • Anandha Gopalan
  • September 13, 2006

2
Outline
  • AFS overview
  • Departmental software
  • Departmental machines
  • The ticket system
  • Help !!!

3
AFS overview
  • What is AFS ?
  • Andrew File System
  • 1984 - Developed at CMU as part of Project
    Andrew
  • 1989 - Transarc Corporation founded to
    commercialize AFS
  • 1998 - Transarc acquired by IBM
  • 2000 - IBM releases OpenAFS under the IBM Public
    License (IPL)

4
Why AFS ?
  • Security authentication via Kerberos 4
  • Fine grained control over file permissions
  • Can give individual users access to files and
    directories
  • Accessible via both UNIX and Windows ?
  • More information about clients
  • http//www.openafs.org/

5
AFS permissions
  • Access Control Lists (ACLs) grant permissions on
    a per user and group basis. Each directory has an
    ACL that controls the directory and the files in
    it
  • There are seven permissions that may be granted,
    to either groups of users or individuals
  • System-defined groups exist, but you can define
    your own groups
  • ACLs always are applied to directories rather
    than to individual files
  • Files are governed by the ACL on their directory
  • If you change the ACL on a directory, access to
    all of its files changes
  • Subdirectories inherit the ACLs of their parent
    directory

6
AFS permissions
  • AFS ACLs work in conjunction with the standard
    Unix "owner" permissions. Only the owner
    permissions have an effect on AFS file access
  • Unix permissions for "group" and "other" do not
    affect AFS file access.
  • A user with appropriate AFS permissions can
  • read a file only if the UNIX "owner read" mode is
    set.
  • write to a file only if the UNIX owner "read" and
    "write" modes are set.
  • execute a file only if the UNIX owner "read" and
    "execute" modes are set.

7
AFS permissions
  • Lookup l, allows a user to list the contents of
    the AFS directory, examine the ACL associated
    with the directory and access subdirectories.
  • Insert i, allows a user to add new files or
    subdirectories to the directory.
  • Delete d, allows a user to remove files and
    subdirectories from the directory.
  • Administer a, allows a user to change the ACL
    for the directory. Users always have this right
    on their home directory, even if they
    accidentally remove themselves from the ACL.
  • Read r, allows a user to look at the contents of
    files in a directory and list files in
    subdirectories.
  • Write w, allows a user to modify files in a
    directory.
  • Lock k, allows the processor to run programs
    that need to "flock" files in the directory.

8
AFS permissions
  • System-groups in AFS
  • systemanyuser
  • Any user in the world who can gain access to your
    cell. This is a very broad group, and caution
    should always be used when granting any access to
    this group
  • systemauthuser
  • Everyone who is currently authenticated in your
    cell
  • systemadministrators
  • A few users in the cell who have been designated
    as AFS system administrators

9
AFS pitfalls
  • I have rw------- on my file, but it can still be
    read by others
  • Check the directory permissions
  • AFS works at the directory level, UNIX
    permissions are ignored
  • For a file to be executable, it still needs to
    have the correct UNIX permissions !!!

10
AFS pitfalls
  • How do I check if I have safe permissions ?
  • /usr/local/bin/checkafsperms directory
  • This checks the permission on a directory
  • /usr/local/bin/checkafshier directory
  • This checks the permission on a directory
    hierarchy
  • These commands only work on Linux
  • These commands report if any directory has
    permissions i,d,w,k,a

11
AFS pitfalls
  • 2 GB file size limitation
  • Though you dont really need this ?
  • Tokens expire after 24 hours
  • A klog will get you new tokens
  • tokens will show available tokens
  • Use reauth to run programs gt 24 hours
  • Cannot set recursive permissions ?

? ? Workaround available ? ?
To give all permissions to user nemo recursively
find . -type d -exec fs sa nemo all \
12
AFS directory setup
  • public
  • Directory that can be read and listed by all
  • Contains a directory html under which users can
    create their web pages etc...
  • private
  • Accessible only by the user
  • Backup
  • Link in the home directory which contains the
    backup that is a day old
  • For older backups, ask tech

13
Special AFS user agents
  • mailserver
  • Any process using the mail server has this
    username
  • Can be used for spam filtering using spamassasin
  • webserver
  • Any process using the http protocol
  • Can be used for providing correct access to user
    web pages, cgi programs etc

14
Department software
  • Information about new software installed on
    Linux/Solaris can be found at http//www.cs.pitt.
    edu/tech/software
  • /usr/local/contrib contains software that is used
    by a small number of people, its either something
    new or experimental
  • You can contribute by installing s/w in this
    directory (ask tech about it)
  • /usr/local contains software that is needed and
    used by the majority of people in the department

15
Departmental machines
  • The Linux machines
  • Can be accessed as linux.cs.pitt.edu or
    elements.cs.pitt.edu
  • Some machines are arsenic, antimony, oxygen,
    hydrogen, nitrogen, selenium
  • Solaris 9 machines
  • Can be accessed as blitz.cs.pitt.edu and
    javalab.cs.pitt.edu, (need to use your pitt
    account for javalab.cs.pitt.edu)

16
The ticket system
  • Any email sent to tech_at_cs.pitt.edu is logged into
    the ticket system
  • Issues a ticket number that is used to keep track
    of this ticket
  • Rather than sending an email, visit
    http//ticket.cs.pitt.edu and login with your AFS
    username and password
  • Helps in keeping track of your tickets
  • Be clear when you ask for something
  • If necessary, mention your machine name, OS, room
    number ? Trust me, it helps ?

17
HELP !!!
  • In case you are wondering
  • How on this blue-green planet do I do this ?????
  • Some answers are provided at http//www.cs.pitt.e
    du/tech
  • Has a link to an FAQ with a lot of answers
  • Has a link to the tech newsletter
  • Has a link to the upgrades and software
    installation by the software TA

18
? ? ? ? ?
Write a Comment
User Comments (0)
About PowerShow.com