AFS Overview

AFS was originally developed as the Andrew File System at Carnegie Mellon University (CMU). Later, it was a commercial product of Transarc Corporation, which became a subsidiary of IBM (IBM Pittsburgh Lab). AFS is the principal file-system software of CMU, MIT, Stanford, NCSU and a number of other universities. In the year 2000, IBM released OpenAFS as open-source software.

AFS uses a client-server architecture, server computers deliver files and software to client workstations that request them. AFS provides location independence that scales widely and stores and retrieves data transparently across a large network of computers.

Home Directory

User directories are stored (distributed) on many file servers on the university network. AFS does this distribution and management, including backup, so you do not need to know on which exact machine your files have been stored. Rather than a fixed location, you get a fixed path to your user file space, or home directory.

AFS disk is not suitable for use involving record locking across parts of files, for example, databases. Like any network file system, care must be taken when using it for I/O intensive applications.

Tokens

When you log in at a workstation or remotely using ssh, the password you supply verifies that you are the owner of the account. This is called authentication. When you are authenticated, you are given a token to use AFS. You can verify that you have a token by using the tokens command. A token automatically expires after 10 hours. If you stay logged in after that time, reauthenticate to continue your session by following these two steps:

Use the kinit command and reauthenticate using your password.
Use the aklog command to get a new AFS token.

Quota

Your home directory has an assigned size limit, or quota, of 4000MB, which is the amount of disk space you have for storing files. If you exceed your quota, you will receive error messages and will not be able to save files or run software. You will have to clean out files and/or save them to external media.

All user volumes (home directories) are backed up nightly. However, because every user's disk space is a limited resource, users should get rid of files they don't need and routinely back up important files on a removable storage medium. Files in Trash count against your quota, remember to empty Trash regularly!

Preserving files that are important (an end-of-the-semester project, thesis, important research, etc.) is ultimately the responsibility of the users who create them. For extremely valuable data, it is the responsibility of the user to store multiple backup copies in multiple locations.

All lab workstations come with floppy drives; some also have 250MB Zip and CD/RW drives. There are different utilities and software for making backups and conserving space.

Use the fs lq ~ command in Linux to check your quota (~ is the symbol for your home directory).

Access Control Lists (ACLs)

AFS uses access control lists (ACLs) to determine who accesses information in AFS file space. An ACL exists for every directory and specifies what actions different users can perform on that directory and its files. AFS uses its own special commands for setting permissions for individual access and access by groups.

AFS augments the standard UNIX file-protection mechanism with access control at the directory level. Three UNIX mode bits--read, write, and execute--protect each file, but seven AFS access rights protect the directory in which the file resides. As a result, individual file permissions do not mean very much in AFS-defined directory space (except for the execute bit x). In AFS, users assign and manage access to directories, not to individual files.

For more information on Access Control Lists, see AFS User Guide: Access Control Lists (external link).

Backup Volumes

Snapshot backups of all home directories are taken at around midnight every day. If you accidentally delete a file from your home directory today, and the file was there yesterday, you can recover them yourself. Substitute your login name for "abac1" in the following command:

fs mkm ~/YESTERDAY user.abac1.backup

This puts a READ-ONLY copy of your home directory as of last midnight in the directory called YESTERDAY. The needed files can then be copied back. Do not try to move the files. Remember, it is a read-only backup of yesterday's files. If you deleted something two or more days ago, it will not be there. The files in the YESTERDAY directory do not count against your quota.

To remove the YESTERDAY directory, use the command:

fs rmm ~/YESTERDAY

This will remove the directory and access to your backup volume (but not the backup files).

Important note regarding ACLs and backups: do not remove system:administrators from your directories' ACLs, this will prevent them from being backed up!