System Administrator's Guide

[Return to Library] [Contents] [Previous Topic] [Bottom of Topic] [Next Topic] [Index]

Table of Contents

Figures

Tables

About This Guide

  • Audience and Purpose
  • Organization of the Document
  • How to Use This Document
  • Related Documents
  • Document Conventions
  • Command Syntax
  • Command Names
  • Options
  • Arguments
  • Flags
  • An Example Command
  • Rules for Typing AFS Commands
  • Rules for Omitting Switches
  • An Example of Omitting Switches
  • Rules for Using Abbreviations and Aliases
  • Abbreviating Command Names
  • Abbreviating Switches
  • Abbreviating File Server Machine Names
  • Abbreviating Partition Names
  • Abbreviating Cell Names
  • Getting Online Help on AFS Commands

    • An Overview of AFS Administration

  • A Broad Overview of AFS
  • More Detailed Discussions of Some Basic Concepts
  • Networks
  • Distributed File Systems
  • Servers and Clients
  • Cells
  • The Uniform Namespace and Transparent Access
  • Volumes
  • Mount Points
  • Replication
  • Caching and Callbacks
  • AFS Server Processes and the Cache Manager
  • The File Server
  • The Basic OverSeer Server
  • The Authentication Server
  • The Protection Server
  • The Volume Server
  • The Volume Location (VL) Server
  • The Update Server
  • The Backup Server
  • The Salvager
  • The Network Time Protocol Daemon
  • The Cache Manager

    • Issues in Cell Configuration and Administration

  • Differences between AFS and UNIX: A Summary
  • Differences in File and Directory Protection
  • Differences in Authentication
  • Differences in the Semantics of Standard UNIX Commands
  • The AFS version of the fsck Command
  • Creating Hard Links
  • AFS Implements "Save on Close"
  • Setuid Programs
  • Choosing a Cell Name
  • How to Choose a Cell Name
  • How to Set the Cell Name
  • Why Choosing the Appropriate Cell Name is Important
  • Participating in the AFS Global Namespace
  • What the Global Namespace Looks Like
  • Making Your Cell Visible to Others
  • Making Other Cells Visible in Your Cell
  • Granting and Denying Foreign Users Access to Your Cell
  • Configuring Your AFS Filespace
  • The Top /afs Level
  • The Second (Cellname) Level
  • The Third Level
  • Creating Volumes
  • Creating Volumes that Correspond to Your File Tree
  • Restrictions on Volume Names
  • Two Required Volume Names
  • Naming Volumes to Make Administration Easier
  • Using Prefixes on Related Volumes
  • Grouping Related Volumes on a Partition
  • When to Replicate Volumes
  • Smaller Volumes are More Efficient for Load Balancing
  • Space Quotas on Volumes
  • The Default Quota and ACL on a New Volume
  • Configuring File Server Machines
  • The Supported System Types
  • The Four Roles for Server Machines
  • Your Cell's First File Server Machine
  • Installing Additional File Server Machines
  • Replicating the Administrative Databases on Database Server Machines
  • Protecting Files on A File Server Machine's Local Disk
  • Keeping All Binaries Available
  • Configuring Partitions to Store AFS Data
  • Automatic Process Restarts
  • Limiting Reboots
  • Monitoring File Server and Cache Manager Processes
  • Configuring Client Machines
  • Configuring the Local Disk
  • Using the package Program to Configure Local Disks
  • Client Access to Foreign Cells Can Vary
  • Using the @sys Variable in Pathnames
  • Setting a Cache Manager's Preferences for File Server Machines
  • Configuring AFS User Accounts
  • The Two Methods for Creating AFS User Accounts
  • The Components of an AFS User Account
  • Levels of Account Functionality
  • Choosing Usernames and Naming Other Account Components
  • Converting UNIX Accounts into AFS Accounts
  • Grouping Home Directories
  • Making a Backup Version of User Volumes Available
  • Creating Standard Files in New AFS Accounts
  • Removing User Accounts
  • Using AFS Protection Groups
  • Group AFS UIDs
  • The Three System Groups
  • The Two Types of User-Defined Groups
  • Rules Concerning Groups
  • Login and Authentication in AFS
  • Using PAGs to Identify AFS Tokens
  • Using an AFS-modified login Utility
  • Not Using an AFS-modified login Utility
  • Limiting the Number of Failed Authentication Attempts
  • Changing Passwords
  • Obtaining a New PAG
  • The One-Token-Per-Cell-Per-Machine-Per-PAG Rule
  • Using the klog Command to Obtain a New Token
  • Using the tokens Command to Examine Tokens
  • Using the unlog Command to Discard Tokens
  • Setting Default Token Lifetimes for Users
  • Support for Kerberos Authentication
  • Security and Authorization in AFS
  • Some Important Security Features
  • Three Types of Privilege
  • Authorization Checking versus Authentication
  • Improving Security in Your Cell
  • A More Detailed Look at Mutual Authentication
  • Backing Up AFS Data
  • Backup Volumes
  • The AFS Backup System
  • Using Standard Remote Services in the AFS Environment
  • Accessing AFS through NFS

    • Administering Server Machines

  • Summary of Commands
  • Local Disk Files on a Server Machine
  • Binaries in the /usr/afs/bin Directory
  • Common Configuration Files in the /usr/afs/etc Directory
  • Local Configuration Files in the /usr/afs/local Directory
  • Replicated Database Files in the /usr/afs/db Directory
  • Log Files in the /usr/afs/logs Directory
  • Volume Headers on Server Partitions
  • The Four Roles for File Server Machines
  • Simple File Server Machines
  • Database Server Machines
  • Binary Distribution Machines
  • The System Control Machine
  • To locate database server machines
  • To locate the system control machine
  • To locate the binary distribution machine for a system type
  • Interpreting the Output from the bos status Command
  • Administering Database Server Machines
  • Replicating the Administrative Databases
  • Backing Up and Restoring the Administrative Databases
  • To back up the administrative databases
  • To restore an administrative database
  • Installing Server Process Software
  • Installing New Binaries
  • To install new server binaries
  • Reverting to the Previous Version of Binaries
  • To revert to the previous version of binaries
  • Displaying Binary Version Dates
  • To display binary version dates
  • Removing .BAK and .OLD Binary Files
  • To remove obsolete binaries
  • Displaying A Binary File's Build Level
  • Maintaining the Server CellServDB File
  • Distributing the Server CellServDB File
  • To display a cell's database server machines
  • To add a database server machine to the CellServDB file
  • To remove a database server machine from the CellServDB file
  • Managing Authentication and Authorization Requirements
  • Authentication versus Authorization
  • Controlling Authorization Checking on a Server Machine
  • To disable authorization checking on a server machine
  • To enable authorization checking on a server machine
  • Bypassing Mutual Authentication for an Individual Command
  • Adding or Removing Disks and Partitions
  • To add and mount a new disk to house AFS volumes
  • To unmount and remove a disk housing AFS volumes
  • Managing Server IP Addresses and VLDB Server Entries
  • To create or edit the server NetInfo file
  • To create or edit the server NetRestrict file
  • To display all server entries from the VLDB
  • To remove obsolete server entries from the VLDB
  • To change a server machine's IP addresses
  • Rebooting a Server Machine
  • To reboot a file server machine from its console
  • To reboot a file server machine remotely

    • Monitoring and Controlling Server Processes

  • Summary of Commands
  • Brief Descriptions of the AFS Server Processes
  • The fs Collection of Processes: the File Server, Volume Server and Salvager
  • The bosserver Process: the Basic OverSeer Server
  • The kaserver Process: the Authentication Server
  • The ptserver Process: the Protection Server
  • The vlserver Process: the Volume Location Server
  • The upserver and upclient Processes: the Update Server
  • The buserver Process: the Backup Server
  • The runntp Process: the Network Time Protocol Daemon
  • Controlling and Checking Process Status
  • The Information in the BosConfig File
  • The Types of Processes
  • How the BOS Server Uses the Information in the BosConfig File
  • About Starting and Stopping the Database Server Processes
  • About Starting and Stopping the Update Server
  • Listing Process Status and Information from the BosConfig File
  • To learn the status of all processes on a file server machine
  • To learn the status of certain processes on a file server machine
  • To examine information from the BosConfig file
  • Possible Process Statuses as Reported by the bos status Command
  • Information from the BosConfig File as Reported by the bos status Command
  • Creating and Removing Processes
  • To create and start up a new simple process
  • To create and start a new fs process
  • To create and start a new cron process
  • To stop a process and remove it from the BosConfig file
  • Stopping and Starting Processes Permanently
  • To stop processes by changing their status flags to NotRun
  • To start processes by changing their status flags to Run
  • Stopping and Starting Processes Temporarily
  • To stop processes temporarily
  • To start all stopped processes that have status flag Run in the BosConfig file
  • To start specific temporarily-stopped processes
  • Stopping and Immediately Restarting Processes
  • To stop and restart all processes including the BOS Server
  • To stop and immediately restart all processes except the BOS Server
  • To stop and immediately restart specific processes
  • Setting the BOS Server's Restart Times
  • To learn the current setting of the two restart times
  • To set the weekly restart time
  • To set the scheduled time for daily binary checking
  • Examining Server Process Log Files
  • To examine a server process log file

    • Managing Volumes

  • Summary of Commands
  • About Volumes
  • The Three Types of Volumes
  • How Volumes Improve System Efficiency
  • The Information in VLDB Entries
  • The Information in Volume Headers
  • Keeping the VLDB and Volume Headers Synchronized
  • About Mounting Volumes
  • About Volume Names
  • Creating ReadWrite Volumes
  • To create and mount a ReadWrite volume
  • Default Settings for a New Volume
  • Clones and Cloning
  • Creating and Releasing ReadOnly Volumes (Replication)
  • The Types of Volumes to Replicate
  • The Two Stages of AFS Replication
  • Determining if Replication Is Successful
  • Using the -f Flag to Force Creation of a New Clone
  • Variations on Replication
  • Using ReadOnly Volumes
  • To replicate a ReadWrite volume (create a ReadOnly volume)
  • Creating Backup Volumes
  • Backing Up Multiple Volumes at Once
  • Automating Creation of Backup Volumes
  • Making the Contents of Backup Volumes Available to Users
  • To create a single Backup volume and mount it in the file system
  • To create multiple Backup volumes at once
  • Mounting Volumes
  • The Rules of Mount Point Traversal
  • The Three Types of Mount Points
  • To create a regular mount point
  • To create a ReadWrite mount point
  • To create a cellular mount point
  • To remove a mount point
  • To examine a mount point
  • Creating Mount Points in a Foreign Cell
  • Displaying Information About Volumes
  • Displaying the VLDB Entry for One or More Volumes
  • To list information from the VLDB
  • Examining the Volume Header for One or More Volumes
  • To examine the volume header for all volumes on a machine or partition
  • Examining Both the VLDB Entry and Volume Header for a Volume
  • To display complete information about one volume at a time
  • Translating between Volume Names and IDs, Directory Names, and Locations
  • To learn a volume's name, given a directory or file name
  • To learn a volume's ID number, given a directory or file name
  • To learn all the volume ID numbers for a volume, given its name
  • To learn a volume's ID number, given its location only
  • To learn a volume's location, given a directory or file name
  • To learn a volume's location(s), given its name or volume ID number
  • Moving Volumes
  • Moving the Three Types of Volumes
  • To move a ReadWrite volume
  • Synchronizing the VLDB and Volume Headers
  • Keeping the VLDB Synchronized with Volume Headers
  • Some Indications that the VLDB is Out of Sync
  • How to Synchronize the VLDB with Volume Headers
  • The vos syncvldb Command
  • The vos syncserv Command
  • To resynchronize the VLDB and volume headers
  • Salvaging Volumes
  • To salvage volumes
  • Setting and Listing Volume Quota and Current Size
  • To set maximum volume quota on a single volume
  • To set maximum quota on one or more volumes
  • To list percent quota used
  • To list maximum quota, current size, and other information
  • To list maximum quota, current size, and more
  • Removing Volumes and their Mount Points
  • Removing a ReadWrite Volume
  • Removing a ReadOnly Volume
  • Removing a Backup Volume
  • Other Removal Commands
  • To remove a ReadWrite volume and unmount it
  • To remove a ReadOnly volume
  • To remove a Backup volume
  • Dumping and Restoring Volumes
  • About Dumping Volumes
  • To dump a volume
  • About Restoring Volumes
  • To restore a dump into a new volume and mount it
  • To restore a dump file, overwriting an existing volume
  • Renaming Volumes
  • To rename a volume
  • Unlocking and Locking VLDB Entries
  • Locking VLDB Entries
  • Unlocking VLDB Entries
  • To determine if a VLDB entry is locked
  • To unlock a single VLDB entry
  • To unlock a set of VLDB entries
  • To lock a VLDB entry

    • Configuring the AFS Backup System

  • Summary of Commands
  • Introduction to Backup System Features
  • Volume Sets and Volume Entries
  • Dumps and Dump Sets
  • Dump Hierarchies, Dump Levels and Expiration Dates
  • Dump Names and Tape Names
  • Tape Labels, Dump Labels, and EOF Markers
  • Tape Coordinator Machines, Port Offsets, and Backup Data Files
  • The Backup Database and Backup Server Process
  • Interfaces to the Backup System
  • Overview of Backup System Configuration
  • Configuring the tapeconfig File
  • To run the fms command on a noncompressing tape device
  • Granting Administrative Privilege to Backup Operators
  • Configuring Tape Coordinator Machines and Tape Devices
  • To configure a Tape Coordinator machine
  • To configure an additional Tape Coordinator on an existing Tape Coordinator machine
  • To unconfigure a Tape Coordinator
  • To display the list of configured Tape Coordinators
  • Defining and Displaying Volume Sets and Volume Entries
  • To add a volume set to the Backup Database
  • To add a volume entry to a volume set
  • To display volume sets and volume entries
  • To delete a volume set from the Backup Database
  • To delete a volume entry from a volume set
  • Defining and Displaying the Dump Hierarchy
  • Creating a Tape Recycling Schedule
  • Archiving Tapes
  • Defining Expiration Dates
  • To add a dump level to the dump hierarchy
  • To change a dump level's expiration date
  • To delete a dump level from the dump hierarchy
  • To display the dump hierarchy
  • Writing and Reading Tape Labels
  • Recording a Name on the Label
  • Recording a Capacity on the Label
  • To label a tape
  • To read the label on a tape
  • Automating and Increasing the Efficiency of the Backup Process
  • Creating a Device Configuration File
  • Invoking a Device's Tape Mounting and Unmounting Routines
  • Eliminating the Search or Prompt for the Initial Tape
  • Enabling Default Responses to Error Conditions
  • Eliminating the AFS Tape Name Check
  • Setting the Memory Buffer Size to Promote Tape Streaming
  • Dumping Data to a Backup Data File
  • To configure a backup data file

    • Backing Up and Restoring AFS Data

  • Summary of Commands
  • Using the Backup System's Interfaces
  • Performing Backup Operations as the Local Superuser Root or in a Foreign Cell
  • Using Interactive and Regular Command Mode
  • To enter interactive mode
  • To exit interactive mode
  • To display pending or running jobs in interactive mode
  • To cancel operations in interactive mode
  • Starting and Stopping the Tape Coordinator Process
  • To start a Tape Coordinator process
  • To stop a Tape Coordinator process
  • To check the status of a Tape Coordinator process
  • Backing Up Data
  • Making Backup Operations More Efficient
  • How Your Configuration Choices Influence the Dump Process
  • Appending Dumps to an Existing Dump Set
  • Scheduling Dumps
  • To create a dump
  • Displaying Backup Records
  • To display dump records
  • To display a volume's dump history
  • To scan the contents of a tape
  • Restoring and Recovering Data
  • Making Restore Operations More Efficient
  • Using the backup volrestore Command
  • To restore volumes with the backup volrestore command
  • Using the backup diskrestore Command
  • To restore a partition with the backup diskrestore command
  • Using the backup volsetrestore Command
  • To restore a group of volumes with the backup volsetrestore command
  • Maintaining the Backup Database
  • Backing Up and Restoring the Backup Database
  • Checking for and Repairing Corruption in the Backup Database
  • Removing Obsolete Records from the Backup Database

    • Monitoring and Auditing AFS Performance

  • Summary of Commands
  • Using the scout Program
  • System Requirements
  • Using the -basename argument to Specify a Domain Name
  • The Layout of the scout Display
  • Highlighting Significant Statistics
  • Resizing the scout Display
  • To start the scout program
  • To stop the scout program
  • Example Commands and Displays
  • Using the fstrace Command Suite
  • About the fstrace Command Suite
  • Requirements for Using the fstrace Command Suite
  • Recommendations for Using the fstrace Command Suite
  • Starting a Cache Manager Trace Log
  • Dumping the Contents of a Trace Log
  • Clearing the Contents of a Trace Log
  • Changing the State of an Event Set
  • Changing the Size of the Trace Log
  • Examples of fstrace Commands
  • Using the afsmonitor Program
  • Requirements for running the afsmonitor program
  • The Layout of the afsmonitor Display
  • Configuring the afsmonitor Program
  • Writing afsmonitor Statistics to a File
  • To start the afsmonitor Program
  • To stop the afsmonitor program
  • The xstat Data Collection Facility
  • The libxstat Libraries
  • Example xstat Commands
  • Auditing AFS Events on AIX File Servers
  • Configuring AFS Auditing on AIX File Servers
  • To enable AFS auditing
  • To disable AFS auditing

    • Managing Server Encryption Keys

  • Summary of Commands
  • About Server Encryption Keys
  • Keys and Mutual Authentication: A Review
  • Maintaining AFS Server Encryption Keys
  • Displaying Server Encryption Keys
  • To display the KeyFile file
  • To display the afs key from the Authentication Database
  • Adding Server Encryption Keys
  • To add a new server encryption key
  • Removing Server Encryption Keys
  • To remove a key from the KeyFile file
  • Handling Server Encryption Key Emergencies
  • Prevent Mutual Authentication
  • Disable Authorization Checking by Hand
  • Work Quickly on Each Machine
  • Work at the Console
  • Change Individual KeyFile Files
  • Two Component Procedures
  • To create a new server encryption key in emergencies

    • Administering Client Machines and the Cache Manager

  • Summary of Commands
  • Overview of Cache Manager Customization
  • Configuration and Cache-Related Files on the Local Disk
  • Configuration Files in the /usr/vice/etc Directory
  • Cache-Related Files
  • Determining the Cache Type, Size, and Location
  • Choosing the Cache Size
  • Displaying and Setting the Cache Size and Location
  • To display the cache size set at reboot
  • To display the current cache size
  • To edit the cacheinfo file
  • To change the disk cache size without rebooting
  • To reset the disk cache size to the default without rebooting
  • How the Cache Manager Chooses Data to Discard
  • Setting Other Cache Parameters with the afsd program
  • Setting Cache Configuration Parameters
  • Configuring a Disk Cache
  • Controlling Memory Cache Configuration
  • Maintaining Knowledge of Database Server Machines
  • How Clients Use the List of Database Server Machines
  • The Format of the CellServDB file
  • Maintaining the Client CellServDB File
  • To display the /usr/vice/etc/CellServDB file
  • To display the list of database server machines in kernel memory
  • To change the list of a cell's database server machines in kernel memory
  • Determining if a Client Can Run Setuid Programs
  • To determine a cell's setuid status
  • To change a cell's setuid status
  • Setting the File Server Probe Interval
  • To set a client's file server probe interval
  • Setting a Client Machine's Cell Membership
  • To display a client machine's cell membership
  • To set a client machine's cell membership
  • Forcing the Update of Cached Data
  • To flush certain files or directories
  • To flush all data from a volume
  • To force the Cache Manager to notice other volume changes
  • Setting Server Preference Ranks
  • How the Cache Manager Sets Default Ranks
  • How the Cache Manager Uses Preference Ranks
  • Displaying and Setting Preference Ranks
  • To display server preference ranks
  • To set server preference ranks
  • Managing Multihomed Client Machines
  • To create or edit the client NetInfo file
  • To create or edit the client NetRestrict file
  • To display the list of addresses from kernel memory
  • To set the list of addresses in kernel memory
  • Controlling the Display of Warning and Informational Messages
  • To control the display of warning and status messages
  • Displaying and Setting the System Type Name
  • To display the system type name
  • To change the system type name
  • Enabling Asynchronous Writes
  • To set the default store asynchrony
  • To set the store asynchrony for one or more files
  • To display the default store asynchrony
  • To display the store asynchrony for one or more files

    • Configuring Client Machines with the package program

  • Summary of Commands and Prototype/Configuration File Instructions
  • Using the package Program
  • Using Package on File Server Machines
  • Package Overview
  • Preparing Prototype Files
  • Compiling Prototype Files
  • Preparing Clients
  • The package Directory Structure
  • The src directory
  • The lib directory
  • The etc directory
  • Example Prototype and Library Files
  • An Example Prototype File
  • Example Library File
  • Package Configuration File Instruction Syntax
  • Local Files versus Symbolic Links
  • Defining a Directory
  • Defining a File
  • Defining a Symbolic Link
  • Defining a Block Special Device
  • Defining a Character Special Device
  • Defining a Socket
  • Constructing Prototype and Library Files
  • To construct a prototype file and its component library files
  • The Package Makefile File
  • Overview
  • The CONFIG Section
  • The BASE_LIBS Section
  • The MACHINE_LIBS Section
  • The LIBS Section
  • The .SUFFIXES Section
  • The Makefile Instructions Section
  • Modifying the Makefile
  • Adding a New Prototype File
  • Adding a New System Type
  • Adding New Library Files
  • Compiling Prototype Files
  • To compile prototype files
  • Modifying Client Machines
  • To prepare a client machine to run the package program
  • Running the package program
  • To invoke the package program by rebooting
  • To invoke the package program directly (without rebooting)

    • Creating and Deleting User Accounts with the uss Command Suite

  • Summary of Commands
  • Overview of the uss Command Suite
  • The Components of an AFS User Account
  • Privilege Requirements for the uss Commands
  • Avoiding and Recovering from Errors and Interrupted Operations
  • Creating Local Password File Entries with uss
  • Assigning AFS and UNIX UIDs that Match
  • Specifying Passwords in the Local Password File
  • Creating a Common Source Password File
  • Converting Existing UNIX Accounts with uss
  • Making UNIX and AFS UIDs Match
  • Setting the Password Field Appropriately
  • Moving Local Files into AFS
  • Constructing a uss Template File
  • Creating the Three Types of User Accounts
  • Using Constants and Variables in the Template File
  • Where to Place Template Files
  • Some General Rules for Constructing a Template
  • About Creating Local Disk Directories and Files
  • Example Templates
  • Evenly Distributing User Home Directories with the G Instruction
  • Creating a Volume with the V Instruction
  • Creating a Directory with the D Instruction
  • Creating a File from a Prototype with the F Instruction
  • Creating One-Line Files with the E Instruction
  • Creating Links with the L and S Instructions
  • Increasing Account Security with the A Instruction
  • Executing Commands with the X Instruction
  • Creating Individual Accounts with the uss add Command
  • To create an AFS account with the uss add command
  • Deleting Individual Accounts with the uss delete Command
  • To delete an AFS account
  • Creating and Deleting Multiple Accounts with the uss bulk Command
  • Constructing a Bulk Input File
  • Example Bulk Input File Instructions
  • To create and delete multiple AFS user accounts

    • Administering User Accounts

  • Summary of Commands
  • The Components of an AFS User Account
  • Creating Local Password File Entries
  • Assigning AFS and UNIX UIDs that Match
  • Specifying Passwords in the Local Password File
  • Converting Existing UNIX Accounts
  • Making UNIX and AFS UIDs Match
  • Setting the Password Field Appropriately
  • Moving Local Files into AFS
  • Creating AFS User Accounts
  • To create one user account with individual commands
  • Improving Password and Authentication Security
  • To limit the number of consecutive failed authentication attempts
  • To unlock a locked user account
  • To set password lifetime
  • To prohibit reuse of passwords
  • Changing AFS Passwords
  • To change an AFS password
  • Displaying and Setting the Quota on User Volumes
  • Changing Usernames
  • To change a username
  • Removing a User Account
  • To remove a user account

    • Administering the Protection Database

  • Summary of Commands
  • About the Protection Database
  • The System Groups
  • Displaying Information from the Protection Database
  • To display a Protection Database entry
  • To display group membership
  • To list the groups that a user or group owns
  • To display all Protection Database entries
  • Creating User and Machine Entries
  • To create machine entries in the Protection Database
  • Creating Groups
  • To create groups
  • Using Groups Effectively
  • To create a self-owned group
  • Using Prefix-Less Groups
  • Adding and Removing Group Members
  • To add users and machines to groups
  • To remove users and machines from groups
  • Deleting Protection Database Entries
  • To delete Protection Database entries
  • Changing a Group's Owner
  • To change a group's owner
  • Changing a Protection Database Entry's Name
  • To change the name of a machine or group entry
  • Setting Group-Creation Quota
  • To set group-creation quota
  • Setting the Privacy Flags on Database Entries
  • Rules for Setting the Privacy Flags
  • To set a Protection Database entry's privacy flags
  • Displaying and Setting the AFS UID and GID Counters
  • To display the AFS ID counters
  • To set the AFS ID counters

    • Managing Access Control Lists

  • Summary of Commands
  • Protecting Data in AFS
  • Differences Between UFS and AFS Data Protection
  • The AFS ACL Permissions
  • Using Normal and Negative Permissions
  • Using Groups on ACLs
  • Displaying ACLs
  • To display an ACL
  • Setting ACL Entries
  • To add, remove, or edit normal ACL permissions
  • To add, remove, or edit negative ACL permissions
  • Completely Replacing an ACL
  • To replace an ACL completely
  • Copying ACLs Between Directories
  • To copy an ACL between directories
  • Removing Obsolete AFS IDs from ACLs
  • To clean obsolete AFS IDs from an ACL
  • How AFS Interprets the UNIX Mode Bits

    • Managing Administrative Privilege

  • Summary of Commands
  • An Overview of Administrative Privilege
  • Membership in the system:administrators Group
  • The ADMIN Flag in the Authentication Database
  • Inclusion in the /usr/afs/etc/UserList File
  • The Reason for Separate Privileges
  • Administering the system:administrators Group
  • To list the members of the system:administrators group
  • To add users to the system:administrators group
  • To remove users from the system:administrators group
  • Granting Privilege for kas Commands: the ADMIN Flag
  • To check if the ADMIN flag is set
  • To set the ADMIN flag
  • To remove the ADMIN flag
  • Granting Privilege for bos, vos, and backup Commands: the UserList File
  • To list the users in the UserList file
  • To add users to the UserList file
  • To remove users from the UserList file

    • Appendix A. The afsmonitor Program Statistics

  • The Cache Manager Statistics
  • Performance Statistics Section (PerfStats_section)
  • Server Up/Down Statistics Section (Server_UpDown_section)
  • RPC Operation Measurements Section (RPCop_section)
  • Authentication and Replicated File Access Section (Auth_Access_section)
  • The File Server Statistics
  • Performance Statistics Section (PerfStats_section)
  • RPC Operations Section (RPCop_section)

    • Appendix B. AIX Audit Events

  • Introduction
  • Audit-Specific Events
  • Volume Server Events
  • Backup Server Events
  • Protection Server Events
  • Authentication Events
  • File Server and Cache Manager Interface Events
  • BOS Server Events
  • Volume Location Server Events

    • Appendix C. Managing the NFS/AFS Translator

  • Summary of Commands
  • Overview
  • Enabling Unauthenticated or Authenticated AFS Access
  • NFS/AFS Translator Machine Requirements
  • NFS Client Machine Requirements
  • User Account Requirements
  • The AFSSERVER and AFSCONF Environment Variables
  • Delayed Write Semantics
  • Configuring an NFS/AFS Translator Machine
  • General Requirements for Loading NFS and AFS Kernel Extensions
  • Requirements for NFS Client Users to Issue AFS Commands
  • To configure an NFS/AFS translator machine
  • Configuring an NFS Client
  • To configure an NFS client machine to access AFS
  • Configuring a User Account to Enable Issuing AFS Commands
  • To configure a user account
  • Authenticating from Non-Supported NFS Client Machines
  • Security Concerns about Generic Credential Structures
  • A Note on Discarding Tokens with knfs
  • To authenticate on a NFS client machine of a non-supported type
  • To discard tokens using the knfs Command
  • Disabling and Enabling a Translator Machine
  • To disable a Translator machine temporarily
  • To reenable a disabled Translator machine

    • Index

    [Return to Library] [Contents] [Previous Topic] [Top of Topic] [Next Topic] [Index]


    © IBM Corporation 1999. All Rights Reserved