+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
-<HTML><HEAD>
-<TITLE>User Guide</TITLE>
-<!-- Begin Header Records ========================================== -->
-<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
-<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
-<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
-<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
-<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
-</HEAD><BODY>
-<!-- (C) IBM Corporation 2000. All Rights Reserved -->
-<BODY bgcolor="ffffff">
-<!-- End Header Records ============================================ -->
-<A NAME="Top_Of_Page"></A>
-<H1>User Guide</H1>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<HR><H1><A NAME="HDRWQ2" HREF="auusg002.htm#ToC_7">An Introduction to AFS</A></H1>
-<P>This chapter introduces basic AFS concepts and terms.
-It assumes that you are already familiar with standard UNIX commands, file
-protection, and pathname conventions.
-<HR><H2><A NAME="HDRWQ3" HREF="auusg002.htm#ToC_8">AFS Concepts</A></H2>
-<P>AFS makes it easy for people to work together on the same
-files, no matter where the files are located. AFS users do not have to
-know which machine is storing a file, and administrators can move files from
-machine to machine without interrupting user access. Users always
-identify a file by the same pathname and AFS finds the correct file
-automatically, just as happens in the local file system on a single
-machine. While AFS makes file sharing easy, it does not compromise the
-security of the shared files. It provides a sophisticated protection
-scheme.
-<A NAME="IDX747"></A>
-<A NAME="IDX748"></A>
-<P><H3><A NAME="Header_9" HREF="auusg002.htm#ToC_9">Client/Server Computing</A></H3>
-<P>AFS uses a <I>client/server computing</I> model. In
-client/server computing, there are two types of machines. <I>Server
-machines</I> store data and perform services for client machines.
-<I>Client machines</I> perform computations for users and access data and
-services provided by server machines. Some machines act as both clients
-and servers. In most cases, you work on a client machine, accessing
-files stored on a file server machine.
-<A NAME="IDX749"></A>
-<A NAME="IDX750"></A>
-<A NAME="IDX751"></A>
-<A NAME="IDX752"></A>
-<A NAME="IDX753"></A>
-<A NAME="IDX754"></A>
-<P><H3><A NAME="Header_10" HREF="auusg002.htm#ToC_10">Distributed File Systems</A></H3>
-<P>AFS is a <I>distributed file system</I> which joins together the
-file systems of multiple file server machines, making it as easy to access
-files stored on a remote file server machine as files stored on the local
-disk. A distributed file system has two main advantages over a
-conventional centralized file system:
-<A NAME="IDX755"></A>
-<UL>
-<P><LI>Increased availability: A copy of a popular file, such as the binary
-for an application program, can be stored on many file server machines.
-An outage on a single machine or even multiple machines does not necessarily
-make the file unavailable. Instead, user requests for the program are
-routed to accessible machines. With a centralized file system, the loss
-of the central file storage machine effectively shuts down the entire
-system.
-<P><LI>Increased efficiency: In a distributed file system, the work load is
-distributed over many smaller file server machines that tend to be more fully
-utilized than the larger (and usually more expensive) file storage machine of
-a centralized file system.
-</UL>
-<P>AFS hides its distributed nature, so working with AFS files looks and feels
-like working with files stored on your local machine, except that you can
-access many more files. And because AFS relies on the power of
-users' client machines for computation, increasing the number of AFS
-users does not slow AFS performance appreciably, making it a very efficient
-computing environment.
-<P><H3><A NAME="HDRWQ4" HREF="auusg002.htm#ToC_11">AFS Filespace and Local Filespace</A></H3>
-<A NAME="IDX756"></A>
-<P>AFS acts as an extension of your machine's local UNIX file
-system. Your system administrator creates a directory on the local disk
-of each AFS client machine to act as a gateway to AFS. By convention,
-this directory is called <B>/afs</B>, and it functions as the root of the
-<I>AFS filespace</I>.
-<A NAME="IDX757"></A>
-<A NAME="IDX758"></A>
-<A NAME="IDX759"></A>
-<P>Just like the UNIX file system, AFS uses a hierarchical file structure (a
-tree). Under the <B>/afs</B> root directory are subdirectories
-created by your system administrator, including your home directory.
-Other directories that are at the same level of the local file system as
-<B>/afs</B>, such as <B>/usr</B>, <B>/etc</B>, or <B>/bin</B>,
-can either be located on your local disk or be links to AFS
-directories. Files relevant only to the local machine are usually
-stored on the local machine. All other files can be stored in AFS,
-enabling many users to share them and freeing the local machine's disk
-space for other uses.
-<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You can use AFS commands only on files in the AFS filespace or the local
-directories that are links to the AFS filespace.
-</TD></TR></TABLE>
-<P><H3><A NAME="HDRWQ5" HREF="auusg002.htm#ToC_12">Cells and Sites</A></H3>
-<P>The <I>cell</I> is the administrative domain in
-AFS. Each cell's administrators determine how client machines are
-configured and how much storage space is available to each user. The
-organization corresponding to a cell can be a company, a university
-department, or any defined group of users. From a hardware perspective,
-a cell is a grouping of client machines and server machines defined to belong
-to the same cell.
-<A NAME="IDX760"></A>
-An AFS <I>site</I> is a grouping of one or more related cells. For
-example, the cells at the ABC Corporation form a single site.
-<A NAME="IDX761"></A>
-<P>By convention, the subdirectories of the <B>/afs</B> directory are
-cellular filespaces, each of which contains subdirectories and files that
-belong to a single cell. For example, directories and files relevant to
-the ABC Corporation cell are stored in the subdirectory
-<B>/afs/abc.com</B>.
-<P>While each cell organizes and maintains its own filespace, it can also
-connect with the filespace of other AFS cells. The result is a huge
-filespace that enables file sharing within and across cells.
-<A NAME="IDX762"></A>
-<P>The cell to which your client machine belongs is called your <I>local
-cell</I>. All other cells in the AFS filespace are termed
-<I>foreign cells</I>.
-<A NAME="IDX763"></A>
-<A NAME="IDX764"></A>
-<A NAME="IDX765"></A>
-<P><H3><A NAME="HDRWQ6" HREF="auusg002.htm#ToC_13">Volumes and Mount Points</A></H3>
-<P>The storage disks in a computer are divided into sections
-called <I>partitions</I>. AFS further divides partitions into units
-called <I>volumes</I>, each of which houses a subtree of related files and
-directories. The volume provides a convenient container for storing
-related files and directories. Your system administrators can move
-volumes from one file server machine to another without your noticing, because
-AFS automatically tracks a volume's location.
-<A NAME="IDX766"></A>
-<A NAME="IDX767"></A>
-<P>You access the contents of a volume by accessing its <I>mount point</I>
-in the AFS filespace. A mount point is a special file system element
-that looks and acts like a regular UNIX directory, but tells AFS the
-volume's name. When you change to a different directory (by using
-the <B>cd</B> command, for example) you sometimes <I>cross</I> a mount
-point and start accessing the contents of a different volume than
-before. You normally do not notice the crossing, however, because AFS
-automatically interprets mount points and retrieves the contents of the new
-directory from the appropriate volume. You do not need to track which
-volume, partition, or file server machine is housing a directory's
-contents. If you are interested, though, you can learn a volume's
-location; for instructions, see <A HREF="auusg006.htm#HDRWQ40">Locating Files and Directories</A>.
-<A NAME="IDX768"></A>
-<A NAME="IDX769"></A>
-<P>If your system administrator has followed the conventional practice, your
-home directory corresponds to one volume, which keeps its contents together on
-one partition of a file server machine. User volumes are typically
-named <B>user.</B><VAR>username</VAR>. For example, the volume
-for a user named <B>smith</B> in the cell <B>abc.com</B> is
-called <B>user.smith</B> and is mounted at the directory
-<B>/afs/abc.com/usr/smith</B>.
-<A NAME="IDX770"></A>
-<P>Because AFS volumes are stored on different file server machines, when a
-machine becomes unavailable only the volumes on that machine are
-inaccessible. Volumes stored on other machines are still
-accessible. However, if a volume's mount point resides in a volume
-that is stored on an unavailable machine, the former volume is also
-inaccessible. For that reason, volumes containing frequently used
-directories (for example, <B>/afs</B> and
-<B>/afs/</B><VAR>cellname</VAR>) are often copied and distributed to many
-file server machines.
-<P><H3><A NAME="HDRWQ7" HREF="auusg002.htm#ToC_14">Volume Quotas</A></H3>
-<A NAME="IDX771"></A>
-<P>Each volume has a size limit, or <I>quota</I>, assigned by the system
-administrator. A volume's quota determines the maximum amount of
-disk space the volume can consume. If you attempt to exceed a
-volume's quota, you receive an error message. For instructions on
-checking volume quota, see <A HREF="auusg006.htm#HDRWQ39">Displaying Volume Quota</A>.
-<P>Volumes have completely independent quotas. For example, say that
-the current working directory is <B>/afs/abc.com/usr/smith</B>,
-which is the mount point for the <B>user.smith</B> volume with 1000
-free blocks. You try to copy a 500 block file from the current working
-directory to the <B>/afs/abc.com/usr/pat</B> directory, the mount
-point for the volume <B>user.pat</B>. However, you get an
-error message saying there is not enough space. You check the volume
-quota for <B>user.pat</B>, and find that the volume only has 50
-free blocks.
-<HR><H2><A NAME="HDRWQ8" HREF="auusg002.htm#ToC_15">Using Files in AFS</A></H2>
-<P><H3><A NAME="HDRWQ9" HREF="auusg002.htm#ToC_16">The Cache Manager</A></H3>
-<P>You can access the AFS filespace only when working on an AFS
-client machine. The <I>Cache Manager</I> on that machine is your
-agent in accessing information stored in the AFS filespace. When you
-access a file, the Cache Manager on your client machine requests the file from
-the appropriate file server machine and stores (<I>caches</I>) a copy of
-it on your client machine's local disk. Application programs on
-your client machine use the local, cached copy of the file. This
-improves performance because it is much faster to use a local file than to
-send requests for file data across the network to the file server
-machine.
-<A NAME="IDX772"></A>
-<A NAME="IDX773"></A>
-<A NAME="IDX774"></A>
-<A NAME="IDX775"></A>
-<P>Because application programs use the cached copy of a file, any changes you
-make are not necessarily stored permanently to the central version stored on
-the file server machine until the file closes. At that point, the Cache
-Manager writes your changes back to the file server machine, where they
-replace the corresponding parts of the existing file. Some application
-programs close a file in this way each time you issue their <B>save</B>
-command (and then immediately reopen the file so that you can continue
-working). With other programs, issuing the <B>save</B> command
-writes the changes only to the local cached copy. If you use the latter
-type of text editor, you need to close the file periodically to make sure your
-changes are stored permanently.
-<P>If a file server machine becomes inaccessible, you can continue working
-with the local, cached copy of a file fetched from that machine, but you
-cannot save your changes permanently until the server machine is again
-accessible.
-<P><H3><A NAME="HDRWQ10" HREF="auusg002.htm#ToC_17">Updating Copies of Cached Files</A></H3>
-<A NAME="IDX776"></A>
-<A NAME="IDX777"></A>
-<P>When the central version of a file changes on the file server machine, the
-AFS <I>File Server</I> process running on that machine advises all other
-Cache Managers with copies of that file that their version is no longer
-valid. AFS has a special mechanism for performing these notifications
-efficiently. When the File Server sends the Cache Manager a copy of a
-modifiable file, it also sends a <I>callback</I>. A callback
-functions as a promise from the File Server to contact the Cache Manager if
-the centrally stored copy of the file is changed while it is being
-used. If that happens, the File Server <I>breaks</I> the
-callback. If you run a program that requests data from the changed
-file, the Cache Manager notices the broken callback and gets an updated copy
-of the file from the File Server. Callbacks ensure that you are working
-with the most recent copy of a file.
-<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The callback mechanism does not guarantee that you immediately see the
-changes someone else makes to a file you are using. Your Cache Manager
-does not notice the broken callback until your application program asks it for
-more data from the file.
-</TD></TR></TABLE>
-<P><H3><A NAME="Header_18" HREF="auusg002.htm#ToC_18">Multiple Users Modifying Files</A></H3>
-<A NAME="IDX778"></A>
-<A NAME="IDX779"></A>
-<P>Like a standard UNIX file system, AFS preserves only the changes to a file
-that are saved last, regardless of who made the changes. When
-collaborating with someone on the same files, you must coordinate your work to
-avoid overwriting each other's changes. You can use AFS access
-control lists (ACLs) to limit the ability of other users to access or change
-your files, and so prevent them from accidentally overwriting your
-files. See <A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A>.
-<HR><H2><A NAME="HDRWQ11" HREF="auusg002.htm#ToC_19">AFS Security</A></H2>
-<A NAME="IDX780"></A>
-<A NAME="IDX781"></A>
-<P>AFS makes it easy for many users to access the same files, but also uses
-several mechanisms to ensure that only authorized users access the AFS
-filespace. The mechanisms include the following:
-<UL>
-<P><LI>Passwords and mutual authentication ensure that only authorized users
-access AFS filespace
-<P><LI>Access control lists enable users to restrict or permit access to their
-own directories
-</UL>
-<P><H3><A NAME="HDRWQ12" HREF="auusg002.htm#ToC_20">Passwords and Mutual Authentication</A></H3>
-<A NAME="IDX782"></A>
-<A NAME="IDX783"></A>
-<A NAME="IDX784"></A>
-<P>AFS uses two related mechanisms to ensure that only authorized users access
-the filespace: passwords and mutual authentication. Both
-mechanisms require that a user prove his or her identity.
-<P>When you first identify yourself to AFS, you must provide the password
-associated with your username, to prove that you are who you say you
-are. When you provide the correct password, you become
-<I>authenticated</I> and your Cache Manager receives a
-<I>token</I>. A token is a package of information that is scrambled
-by an AFS authentication program using your AFS password as a key. Your
-Cache Manager can unscramble the token because it knows your password and
-AFS's method of scrambling.
-<A NAME="IDX785"></A>
-<A NAME="IDX786"></A>
-<P>The token acts as proof to AFS server programs that you are authenticated
-as a valid AFS user. It serves as the basis for the second means
-through which AFS creates security, called <I>mutual
-authentication</I>. Under mutual authentication, both parties
-communicating across the network prove their identities to one another.
-AFS requires mutual authentication whenever a server and client (most often, a
-Cache Manager) communicate with each other.
-<P>The mutual authentication protocol that AFS uses is designed to make it
-very difficult for people to authenticate fraudulently. When your Cache
-Manager contacts a File Server on your behalf, it sends the token you obtained
-when you authenticated. The token is encrypted with a key that only an
-AFS File Server can know. If the File Server can decrypt your token, it
-can communicate with your Cache Manager. In turn, the Cache Manager
-accepts the File Server as genuine because the File Server can decrypt and use
-the information in the token.
-<A NAME="IDX787"></A>
-<P><H3><A NAME="Header_21" HREF="auusg002.htm#ToC_21">Access Control Lists</A></H3>
-<A NAME="IDX788"></A>
-<P>AFS uses <I>access control lists</I> (<I>ACLs</I>) to determine who
-can access the information in the AFS filespace. Each AFS directory has
-an ACL to specify what actions different users can perform on that directory
-and its files. An ACL can contain up to about 20 entries for users,
-groups, or both; each entry lists a user or group and the permissions it
-possesses.
-<P>The owner of a directory and system administrators can always administer an
-ACL. Users automatically own their home directories and
-subdirectories. Other non-owner users can define a directory's ACL
-only if specifically granted that permission on the ACL. For more
-information on ACLs, see <A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A>
-.
-<P>A group is composed of one or more users and client machines. If a
-user belongs to a group that appears on an ACL, the user gets all of the
-permissions granted to that group, just as if the user were listed directly on
-the ACL. Similarly, if a user is logged into a client machine that
-belongs to a group, the user has all of the permissions granted to that
-group. For instructions on defining and using groups, see <A HREF="auusg008.htm#HDRWQ60">Using Groups</A>.
-<P>All users who can access your cell's filespace, authenticated or not,
-are automatically assigned to a group called
-<B>system:anyuser</B>. For a discussion of placing the
-<B>system:anyuser</B> group on ACLs, see <A HREF="auusg007.htm#HDRWQ51">Extending Access to Users from Foreign Cells</A>.
-<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You can use the UNIX mode bits to control access on specific files within an
-AFS directory; however, the effect of these mode bits is different under
-AFS than in the standard UNIX file system. See <A HREF="#HDRWQ16">File and Directory Protection</A>.
-</TD></TR></TABLE>
-<HR><H2><A NAME="HDRWQ13" HREF="auusg002.htm#ToC_22">Differences Between UNIX and AFS</A></H2>
-<P>AFS is designed to be similar to the UNIX file system.
-For instance, many of the basic UNIX file manipulation commands (<B>cp</B>
-for copy, <B>rm</B> for remove, and so on) are the same in AFS as they are
-as in UNIX. All of your application programs work as they did
-before. The following sections describe some of the differences between
-a standard UNIX file system and AFS.
-<P><H3><A NAME="HDRWQ14" HREF="auusg002.htm#ToC_23">File Sharing</A></H3>
-<A NAME="IDX789"></A>
-<A NAME="IDX790"></A>
-<A NAME="IDX791"></A>
-<P>AFS enables users to share remote files as easily as local files. To
-access a file on a remote machine in AFS, you simply specify the file's
-pathname. In contrast, to access a file in a remote machine's UNIX
-file system, you must log into the remote machine or create a mount point on
-the local machine that points to a directory in the remote machine's UNIX
-file system.
-<P>AFS users can see and share all the files under the <B>/afs</B> root
-directory, given the appropriate privileges. An AFS user who has the
-necessary privileges can access a file in any AFS cell, simply by specifying
-the file's pathname. File sharing in AFS is not restricted by
-geographical distances or operating system differences.
-<P><H3><A NAME="HDRWQ15" HREF="auusg002.htm#ToC_24">Login and Authentication</A></H3>
-<A NAME="IDX792"></A>
-<P>To become an authenticated AFS user, you need to provide a password to
-AFS.
-<UL>
-<P><LI>On machines that use an AFS-modified login utility, logging in is a
-one-step process; your initial login automatically authenticates you with
-AFS.
-<P><LI>On machines that do not use an AFS-modified login utility, you must
-perform two steps.
-<OL TYPE=1>
-<P><LI>Log in to your local machine.
-<P><LI>Issue the <B>klog</B> command with the <B>-setpag</B> argument to
-authenticate with AFS and get your token.
-</OL>
-</UL>
-<P>Your system administrator can tell you whether your machine uses an
-AFS-modified login utility or not. Then see the login instructions in <A HREF="auusg005.htm#HDRWQ21">Logging in and Authenticating with AFS</A>.
-<P>AFS authentication passwords are stored in special AFS database, rather
-than in the local password file (<B>/etc/passwd</B> or equivalent).
-If your machine uses an AFS-modified login utility, you can change your
-password with a single command. If your machine does not use an
-AFS-modified login utility, you must issue separate commands to change your
-AFS and local passwords. See <A HREF="auusg005.htm#HDRWQ36">Changing Your Password</A>.
-<A NAME="IDX793"></A>
-<A NAME="IDX794"></A>
-<A NAME="IDX795"></A>
-<P><H3><A NAME="HDRWQ16" HREF="auusg002.htm#ToC_25">File and Directory Protection</A></H3>
-<A NAME="IDX796"></A>
-<A NAME="IDX797"></A>
-<P>AFS does not rely on the mode bit protections of a standard UNIX system
-(though its protection system does interact with these mode bits).
-Instead, AFS uses an access control list (ACL) to control access to each
-directory and its contents. The following list summarizes the
-differences between the two methods:
-<UL>
-<P><LI>UNIX mode bits specify three types of access permissions:
-<B>r</B> (<B>read</B>), <B>w</B> (<B>write</B>), and
-<B>x</B> (<B>execute</B>). An AFS ACL uses seven types of
-permissions: <B>r</B> (<B>read</B>), <B>l</B>
-(<B>lookup</B>), <B>i</B> (<B>insert</B>), <B>d</B>
-(<B>delete</B>), <B>w</B> (<B>write</B>), <B>k</B>
-(<B>lock</B>), and <B>a</B> (<B>administer</B>). For more
-information, see <A HREF="auusg007.htm#HDRWQ46">The AFS ACL Permissions</A> and <A HREF="auusg007.htm#HDRWQ59">How AFS Uses the UNIX Mode Bits</A>.
-<P><LI>The three sets of mode bits on each UNIX file or directory enable you to
-grant permissions to three users or groups of users: the file or
-directory's owner, the group that owns the file or directory, and all
-other users. An ACL can accommodate up to about 20 entries, each of
-which extends certain permissions to a user or group. Unlike standard
-UNIX, a user can belong to an unlimited number of groups, and groups can be
-defined by both users and system administrators. See <A HREF="auusg008.htm#HDRWQ60">Using Groups</A>.
-<P><LI>UNIX mode bits are set individually on each file and directory. An
-ACL applies to all of the files in a directory. While at first glance
-the AFS method possibly seems less precise, in actuality (given a proper
-directory structure) there are no major disadvantages to directory-level
-protections and they are easier to establish and maintain.
-</UL>
-<P><H3><A NAME="HDRWQ17" HREF="auusg002.htm#ToC_26">Machine Outages</A></H3>
-<P>The kinds of failures you experience when a standard UNIX
-file system goes down are different than when one or more individual AFS file
-server machines become unavailable. When a standard UNIX file system is
-inaccessible, the system simply locks up and you can lose changes to any files
-with which you were working.
-<P>When an AFS file server machine becomes inaccessible, you cannot access the
-files on that machine. If a copy of the file is available from another
-file server machine, however, you do not necessarily even notice the server
-outage. This is because AFS gives your cell's system
-administrators the ability to store copies of popular programs on multiple
-file servers. The Cache Manager chooses between the copies
-automatically; when one copy becomes unavailable, the Cache Manager
-simply chooses another.
-<P>If there are no other copies of a file that is stored on an inaccessible
-server machine, you can usually continue to use the copy stored in your client
-machine's local AFS cache. However, you cannot save changes to
-files stored on an inaccessible file server machine until it is accessible
-again.
-<P><H3><A NAME="HDRWQ18" HREF="auusg002.htm#ToC_27">Remote Commands</A></H3>
-<P>
-<A NAME="IDX798"></A>
-<A NAME="IDX799"></A>
-<A NAME="IDX800"></A>
-<A NAME="IDX801"></A>
-<A NAME="IDX802"></A>
-<A NAME="IDX803"></A>
-<A NAME="IDX804"></A>
-<A NAME="IDX805"></A>
-The UNIX <I>remote commands</I> enable you to run programs on a remote
-machine without establishing a connection to it by using a program such as
-<B>telnet</B>. Many of the remote commands (such as <B>ftp</B>,
-<B>rcp</B>, and <B>rsh</B>) remain available in AFS, depending on how
-your administrators have configured them. If the remote machine has a
-Cache Manager, your token is used there also and you are authenticated while
-the remote command runs. If the remote machine does not run a Cache
-Manager, you receive the following message:
-<PRE> Warning: unable to authenticate.
-</PRE>
-<P>In this case, you are logged into the remote machine's UNIX file
-system, but you are not authenticated to AFS. You can access the local
-files on the remote machine and the AFS directories that grant access to the
-<B>system:anyuser</B> group, but you cannot access protected AFS
-directories.
-<P><H3><A NAME="Header_28" HREF="auusg002.htm#ToC_28">Differences in the Semantics of Standard UNIX Commands</A></H3>
-<P>This section summarizes differences in the functionality of some
-commonly issued UNIX commands.
-<DL>
-<P><DT><B>chmod
-<A NAME="IDX806"></A>
-<A NAME="IDX807"></A>
-</B><DD>Only members of the <B>system:administrators</B> group can use
-this command to turn on the setuid, setgid or sticky mode bits on AFS
-files. (For more information about this group, see <A HREF="auusg007.htm#HDRWQ50">Using the System Groups on ACLs</A>.)
-<P><DT><B>chown
-<A NAME="IDX808"></A>
-<A NAME="IDX809"></A>
-</B><DD>Only members of the <B>system:administrators</B> group can issue
-this command on AFS files.
-<P><DT><B>chgrp
-<A NAME="IDX810"></A>
-<A NAME="IDX811"></A>
-</B><DD>Only members of the <B>system:administrators</B> group can issue
-this command on AFS files and directories.
-<P><DT><B>groups
-<A NAME="IDX812"></A>
-<A NAME="IDX813"></A>
-</B><DD>If the user's AFS tokens are identified by a process authentication
-group (PAG), the output of this command includes two large numbers. For
-a description of PAGs, see <A HREF="auusg005.htm#HDRWQ24">Authenticating with AFS</A>.
-<P><DT><B>inetd
-<A NAME="IDX814"></A>
-<A NAME="IDX815"></A>
-</B><DD>The AFS version of this daemon authenticates remote issuers of the
-AFS-modified <B>rcp</B> and <B>rsh</B> commands with AFS.
-<P><DT><B>login utilities
-<A NAME="IDX816"></A>
-</B><DD>AFS-modified login utilities both log you into the local UNIX file system
-and authenticate you with AFS.
-<P><DT><B>ln
-<A NAME="IDX817"></A>
-<A NAME="IDX818"></A>
-</B><DD>You cannot use this command to create a hard link between files that
-reside in different AFS directories. You must add the <B>-s</B>
-option to create a symbolic link instead.
-</DL>
-<HR><H2><A NAME="HDRWQ19" HREF="auusg002.htm#ToC_29">Using AFS with NFS</A></H2>
-<P>Some cells use the Networking File System (NFS) in addition
-to AFS. If you work on an NFS client machine, your system administrator
-can configure it to access the AFS filespace through a program called the
-<I>NFS/AFS Translator</I><SUP>TM</SUP>. See <A HREF="auusg010.htm#HDRWQ80">Appendix A, Using the NFS/AFS Translator</A>.
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<!-- Begin Footer Records ========================================== -->
-<P><HR><B>
-<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
-</B>
-<!-- End Footer Records ============================================ -->
-<A NAME="Bot_Of_Page"></A>
-</BODY></HTML>
git://git.openafs.org / openafs.git / blobdiff