What is Different about AFS
Description This page describes the differences between the AFS file system, and the previous NFS file system, running under UCSC/Athena. For more extensive details about AFS itself, check the UCSC AFS Primer.
What is different?
Your locker: Your locker has some new directories, and the file names in your home directory are visible to everyone.
OldFiles: OldFiles directory for recovering old files.
Sharing files: Setting permissions now uses fs command instead of chmod.
Quotas: Quotas are handled differently.
File transfers: File transfers via FTP.
Web lockers: Web files are more easily uploaded for publishing.
Directory structure: Directory structure of the UCSC/Athena machines is different.
The differences are minor if you are a casual UNIX user. If you use UNIX to share files with others, then you need to learn how the AFS file protection differs. File protection is the major difference, and the one most likely to affect you.
Even though you might find some of the changes unsettling, we believe that once you've sampled AFS, you won't want to go back, and soon you won't be able to do without its many features.
The file names in your home directory (but not their contents) are now visible to everyone. If you do not want people to see which files you have in your home directory, you need to create a private directory and move all the files whose names you want to keep private to that directory. But do not move any of your dotfiles, your msgbox file, and the following directories: OldFiles, public_html, Mail and EMAIL: they must remain in your home directory. For instance:
% mkdir ~/private
% fs sa ~/private system:anyuser none
% mv file(s) ~/private
Your home directory contains some additional directories:
EMAIL Not used now, but reserved for future e-mail use.
OldFiles Where a copy of the last backup resides
public_html For your web files (this directory already existed if
you had some web pages in your locker).
- The location of your locker is now at /afs/cats/users/x/username where x is an arbitrary letter. While you are logged in you can also reach it at /cats/username.
- If you have any hard links under NFS, they will disappear. In AFS you cannot have hard links between different directories.
- You can now access all your files as they existed on the last backup by examining the OldFiles directory.
- AFS protects files only at the directory level. All files within a directory have the same protection. If you want to give files different protections they must reside in different directories. The protections are managed with a new command called fs. The protections set with the chmod are interpreted differently: the group and others protections are completely ignored, and the user protection is used for everyone in addition to the AFS protection (set with the fs command).
- With NFS, each file and directory could only belong to a single group. With AFS, each directory (and all its files) can belong to as many groups and users as you want. So with AFS, you have much finer control over how you can share your files.
- Quota under AFS is on a per volume basis (NFS was per disk partition). Anyone who writes in a volume consumes some of the quota assigned to that volume. So if you let a friend write in your user volume, his files will count towards your quota (not his!).
- The amount of quota for a user volume has increased from 15 to 100 MB.
- The ftp program can now access the entire AFS file space. With NFS, you had to login separately with telnet, mount the lockers you needed manually, and keep your telnet session active while using ftp. You no longer need to do this.
- If your unit has a web locker, you can now ftp files directly to /afs/cats/www/weblocker/public_html.
- When you place a file in your public_html directory, you no longer have to worry about setting up the correct permissions, because the permissions are those of the directory. When you create a subdirectory within public_html the directory will inherit the permissions of the parent directory automatically. So provided public_html is set correctly, all permissions will be set correctly. You no longer need to use the publish_html command.
- New users will have a public_html directory already created with the correct permissions when they open their accounts.
- AFS web lockers (i.e. unit web lockers, not individual lockers) can always be reached at /afs/cats/www/weblocker.
- The directory tree structure has changed. The root of the tree is now at /afs/cats.ucsc.edu, so if you go down to /afs you will see who else is using AFS. It is a worldwide listing, so it takes a somewhat longer (sometimes quite a bit longer) to see it appear on your screen than you are used to with strictly local directories.
- Within /afs/cats.ucsc.edu, we now have the following directories (subject to change):
afsrelease The directory for the various AFS software releases (binaries). class The directory for class (i.e. homework) lockers. Instructors can store their class materials for a specific quarter. Students can write their homework into this locker. The class locker disappear once the class is over at the end of the quarter. courses The directory for course lockers. Instructors using UNIX can store their course materials here. The course locker sticks around from quarter to quarter. project Reserved for special projects. service The direcctory for AFS control data files. AFS clients will check the contents of this directory to get updates. software The directory for third party software for UCSC users. system The directory for the various UCSC/Athena software releases (/srvd). users Users lockers. For example, this is where your home directory resides. Although finding someone's locker might be difficult, since the space is divided into multiple subdirectories which are arbitrarily named. Use the hesinfo username filsys to locate someone's locker. www Unit web lockers. For example, this is where the UCSC (and many other units) web pages resides.
To be able to use AFS, you need to get an extra token (in addition to your Kerberos ticket). You get this token automatically when you login to your UCSC/Athena account (except for meow.ucsc.edu users) whether through telnet or ftp. You can check its status with the tokens command. If for some reasons you do not get one, or it has expired, or you are using meow.ucsc.edu, you can get one manually by using the aklog command.
If you access foreign cells (outside of /afs/cats), you will need to request a token from the foreign cell if you need access other than system:anyuser with either klog or aklog (you use the latter command only if you already have a Kerberos ticket valid for that cell).If you are operating in a mixed environment with multiple filesystems, i.e. some AFS and some NFS, you may need to request a token manually as mentionned above.