Ask SIPB
Ever wondered how you can get to your files from any Athena computer? How lockers work? How you can share files with your friends? In today’s issue of Ask SIPB, we’ll cover these questions and more.
What is AFS?
AFS, formerly known as the Andrew File System (a Carnegie Mellon University development, named after Andrew Carnegie and Andrew Mellon), is a networked, distributed file system with several convenient features. It’s available for most platforms used today, including Windows, Mac OS X, Linux, and Solaris. AFS allows you to access your files from anywhere in the world, on any computer with AFS installed, using a globally-unique AFS path — somewhat like a URL on the Web. It also lets you easily allow other people to have limited or full access to your files.
How can I use it?
You already use AFS when you use any Athena workstation, including the WinAthena and MacAthena computers. Your home directory and all lockers are stored in AFS, which is how you can use the same files and software from all computers. You can also install AFS on your own computer. Many people use this to access their Athena home directory or run locker software on their own computer, to simplify transferring files and avoid installing software. The basic procedure is installing MIT Kerberos and then OpenAFS (both available as free downloads from the Web). Complete setup instructions are on our Web site at http://www.mit.edu/~asksipb/.
How can I see who has access to my files?
The ability to easily give other users access to your files is one of the major advantages of AFS. There are two commands you’ll need to use to modify the Access Control Lists (ACLs) on your files: “fs la” (filesystem list ACL) and “fs sa” (filesystem set ACL).
For example, I can run the commands:
athena% attach asksipb
athena% fs la /mit/asksipb
Access list for /mit/asksipb is
Normal rights:
system:asksipb rlidwk
system:gsipb rlidwka
system:anyuser rl
This means that anyone on the “asksipb” and “gsipb” moira lists have read/write access to the asksipb locker, and “system:anyuser” — a special name that refers to anyone with AFS installed — can read from the locker. (Another special name is “system:authuser”, which refers to people logged in to MIT’s AFS servers.)
How can I give other people access?
You would use the command “fs sa <location> <user> <access>”, for example:
athena% cd /mit/asksipb
athena% fs sa . geofft rl
athena% fs la
Normal rights:
system:asksipb rlidwk
system:gsipb rlidwka
system:anyuser rl
geofft rl
You can use a username to give them access, or “system:” followed by a moira list to give the entire list access. Note that this requires the list to be an (AFS) group: you can check this by running “blanche <listname> -i”, and enable this by running “blanche <listname> -G”.
There are seven types of access: Read, List files, Insert, Delete, Write, locK, and Admin. Although these can be set separately, in most cases “rl”, “rlidwk”, and “rlidwka” are the only useful combinations. These have the aliases “read”, “write”, and “all”. (Note that Admin access is required to change the ACL.)
How can I give someone outside MIT access?
If you want everyone outside MIT to be able to access your files, you just need to give system:anyuser access. They can then get to your files from the web by adding the full AFS path to web.mit.edu, or if it’s within a locker, by just giving the locker name after web.mit.edu. (For example, Ask SIPB is available from http://web.mit.edu/afs/sipb.mit.edu/project/asksipb/www/, as well as http://web.mit.edu/asksipb/www/). Of course, they can also just install OpenAFS.
If you want to restrict to certain people outside MIT, such as with a password, this is a little more difficult — AFS itself can’t give access to someone without an AFS account. You can make read access work with SIPB’s web servers, although this will not work for write access. Full instructions are available from http://stuff.mit.edu/faq/password.html.
One way to accomplish something similar to write access is to use scripts.mit.edu to install MediaWiki or Gallery2, and configure the settings of your new Web site to allow certain logged-in users to upload files.
How do I tell how much of my quota I’ve used?
The command “fs lq” (short for “fs listquota”) will tell you how much of the quota in the current volume is used. If you want to see how much of your own AFS volume (your home directory and subfolders) has been used, run “fs lq ~” — the tilde is a special symbol in Unix that refers to your home directory.
If you’re running low on quota, you can contact User Accounts (accounts@mit.edu, or visit the nice folks in N42) and ask for an increase. By default, your quota is 1 GB, but it can easily be increased to 2 GB, and with good cause up to 3 GB. They are also willing to create lockers for academic purposes for ASA-recognized student groups, and for installing software, so that you don’t have to keep files in your personal locker.
Where can I get more information about AFS?
The OLC stock answers (from web.mit.edu/answers, or via “olc answers” at an Athena prompt) has a section on AFS. SIPB also has the document “Inessential AFS” available from our Web site at web.mit.edu/afs/sipb.mit.edu/project/doc/afs/html/afs-new.html, as well as from our office.
To ask us a question about anything related to computing at MIT, send email to sipb@mit.edu. You can also stop by our office in W20-557 or call us at x3-7788 if you need help. Copies of each column and pointers to additional information are posted on our Web site: http://www.mit.edu/~asksipb/