Techy Information Anandha Gopalan September 13, 2006.


Outline
- AFS overview
- Departmental software
- Departmental machines
- The ticket system
- Help !!!

AFS overview
- What is AFS ?
  - Andrew File System
- Developed at CMU as part of Project Andrew
- Transarc Corporation founded to commercialize AFS
- Transarc acquired by IBM
- IBM releases OpenAFS under the IBM Public License (IPL)

Why AFS ?
- Security: authentication via Kerberos 4
- Fine grained control over file permissions
  - Can give individual users access to files and directories
- Accessible via both UNIX and Windows
- More information about clients:

AFS permissions
- Access Control Lists (ACLs) grant permissions on a per user and group basis. Each directory has an ACL that controls the directory and the files in it
- There are seven permissions that may be granted, to either groups of users or individuals
  - System-defined groups exist, but you can define your own groups
  - ACLs always are applied to directories rather than to individual files
- Files are governed by the ACL on their directory
  - If you change the ACL on a directory, access to all of its files changes
  - Subdirectories inherit the ACLs of their parent directory

AFS permissions
- AFS ACLs work in conjunction with the standard Unix "owner" permissions. Only the owner permissions have an effect on AFS file access
  - Unix permissions for "group" and "other" do not affect AFS file access.
  - A user with appropriate AFS permissions can:
    - read a file only if the UNIX "owner read" mode is set.
    - write to a file only if the UNIX owner "read" and "write" modes are set.
    - execute a file only if the UNIX owner "read" and "execute" modes are set.

AFS permissions
- Lookup: l, allows a user to list the contents of the AFS directory, examine the ACL associated with the directory and access subdirectories.
- Insert: i, allows a user to add new files or subdirectories to the directory.
- Delete: d, allows a user to remove files and subdirectories from the directory.
- Administer: a, allows a user to change the ACL for the directory. Users always have this right on their home directory, even if they accidentally remove themselves from the ACL.
- Read: r, allows a user to look at the contents of files in a directory and list files in subdirectories.
- Write: w, allows a user to modify files in a directory.
- Lock: k, allows the processor to run programs that need to "flock" files in the directory.

AFS permissions
- System-groups in AFS
  - system:anyuser
    - Any user in the world who can gain access to your cell. This is a very broad group, and caution should always be used when granting any access to this group
  - system:authuser
    - Everyone who is currently authenticated in your cell
  - system:administrators
    - A few users in the cell who have been designated as AFS system administrators

AFS pitfalls
- I have -rw on my file, but it can still be read by others
  - Check the directory permissions
  - AFS works at the directory level, UNIX permissions are ignored
  - For a file to be executable, it still needs to have the correct UNIX permissions !!!
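The pitfall above, together with the owner-mode rules from the earlier permissions slide, modelled as an added example that is not part of the original slides. The user names, the ACLs and the function names are constructed for illustration; the ACL rights required for each operation (r+l to read or execute, w+l to write) are an assumption taken from OpenAFS documentation, and negative rights are not modelled.

```python
import stat

def acl_rights(acl, user, groups=(), authenticated=True):
    """Union of rights from every normal ACL entry that applies to the user."""
    applies = {user, "system:anyuser"} | set(groups)
    if authenticated:
        applies.add("system:authuser")
    rights = set()
    for principal, granted in acl.items():
        if principal in applies:
            rights |= set(granted)
    return rights

def file_access(acl, file_mode, user, groups=(), authenticated=True):
    """Operations allowed on a file, from its directory ACL and owner mode bits."""
    rights = acl_rights(acl, user, groups, authenticated)
    owner_r = bool(file_mode & stat.S_IRUSR)
    owner_w = bool(file_mode & stat.S_IWUSR)
    owner_x = bool(file_mode & stat.S_IXUSR)
    allowed = set()
    # Assumed ACL requirements (OpenAFS documentation): r+l to read or execute, w+l to write.
    if {"r", "l"} <= rights and owner_r:
        allowed.add("read")
    if {"w", "l"} <= rights and owner_r and owner_w:
        allowed.add("write")
    if {"r", "l"} <= rights and owner_r and owner_x:
        allowed.add("execute")
    return allowed

# Constructed directory ACLs: one world-readable, one restricted to the owner.
OPEN_DIR = {"nemo": "rlidwka", "system:anyuser": "rl"}
PRIVATE_DIR = {"nemo": "rlidwka"}

if __name__ == "__main__":
    # Mode 0600 does not hide the file: "dory" reads it through system:anyuser.
    print(file_access(OPEN_DIR, 0o600, "dory"))
    # The same file under an ACL without broad groups is inaccessible to dory.
    print(file_access(PRIVATE_DIR, 0o600, "dory"))
    # Owner bits still gate the owner: no owner-write bit means no write.
    print(file_access(OPEN_DIR, 0o400, "nemo"))
    # Group/other bits alone grant nothing, even with full ACL rights.
    print(file_access(OPEN_DIR, 0o077, "nemo"))
```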

AFS pitfalls
- How do I check if I have safe permissions ?
  - /usr/local/bin/checkafsperms directory
    - This checks the permission on a directory
  - /usr/local/bin/checkafshier directory
    - This checks the permission on a directory hierarchy
  - These commands only work on Linux
  - These commands report if any directory has permissions: i,d,w,k,a
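A check in the same spirit, as an added example (this is not the department's checkafsperms or checkafshier, whose exact behaviour the slides do not give): it parses `fs listacl` output and reports where system:anyuser or system:authuser holds any of i, d, w, k, a. The sample output, paths and user names are constructed, and limiting the report to those two broad groups is an assumption.

```python
import re

# Rights the slide's check commands report on (insert, delete, write, lock, administer).
RISKY = set("idwka")
# Broad system groups described on the system-groups slide.
BROAD = {"system:anyuser", "system:authuser"}

# Constructed sample of `fs listacl` output for two directories (not real data).
SAMPLE = """\
Access list for /afs/example.edu/usr/nemo/public is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  nemo rlidwka
Access list for /afs/example.edu/usr/nemo/shared is
Normal rights:
  system:authuser rlidwk
  system:anyuser rliw
  nemo rlidwka
Negative rights:
  baduser rl
"""

def parse_listacl(text):
    """Return {directory: {"normal": {who: rights}, "negative": {who: rights}}}."""
    acls, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Access list for (.+) is$", line)
        if m:
            current = acls.setdefault(m.group(1), {"normal": {}, "negative": {}})
            section = None
        elif line == "Normal rights:":
            section = "normal"
        elif line == "Negative rights:":
            section = "negative"
        elif line and current is not None and section:
            who, rights = line.split()
            current[section][who] = set(rights)
    return acls

def risky_grants(acls):
    """List (directory, principal, rights) where a broad group holds a risky right."""
    findings = []
    for directory, acl in acls.items():
        # Only normal rights are audited; negative rights are parsed but not
        # subtracted, so a grant is reported even if a negative entry offsets it.
        for who, rights in acl["normal"].items():
            bad = rights & RISKY
            if who in BROAD and bad:
                findings.append((directory, who, "".join(sorted(bad))))
    return findings

if __name__ == "__main__":
    for directory, who, rights in risky_grants(parse_listacl(SAMPLE)):
        print(f"{directory}: {who} has {rights}")
```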

AFS pitfalls
- 2 GB file size limitation
  - Though you don’t really need this
- Tokens expire after 24 hours
  - A klog will get you new tokens
  - tokens will show available tokens
  - Use reauth to run programs > 24 hours
- Cannot set recursive permissions
  - Workaround available. To give all permissions to user nemo recursively:
    $ find . -type d -exec fs sa {} nemo all \;

AFS directory setup
- public
  - Directory that can be read and listed by all
  - Contains a directory html under which users can create their web pages etc...
- private
  - Accessible only by the user
- Backup
  - Link in the home directory which contains the backup that is a day old
  - For older backups, ask tech

Special AFS user agents
- mailserver
  - Any process using the mail server has this username
  - Can be used for spam filtering using SpamAssassin
- webserver
  - Any process using the http protocol
  - Can be used for providing correct access to user web pages, cgi programs etc…

Department software
- Information about new software installed on Linux/Solaris can be found at:
- /usr/local/contrib contains software that is used by a small number of people; it's either something new or experimental
  - You can contribute by installing s/w in this directory (ask tech about it)
- /usr/local contains software that is needed and used by the majority of people in the department

Departmental machines
- The Linux machines
  - Can be accessed as: linux.cs.pitt.edu or elements.cs.pitt.edu
    - Some machines are: arsenic, antimony, oxygen, hydrogen, nitrogen, selenium
- Solaris 9 machines
  - Can be accessed as: blitz.cs.pitt.edu and javalab.cs.pitt.edu (need to use your pitt account for javalab.cs.pitt.edu)

The ticket system
- Any sent to is logged into the ticket system
  - Issues a ticket number that is used to keep track of this ticket
  - Rather than sending an , visit: and login with your AFS username and password
- Helps in keeping track of your tickets
- Be clear when you ask for something
  - If necessary, mention your machine name, OS, room number. Trust me, it helps

HELP !!!
- In case you are wondering:
  - How on this blue-green planet do I do this ?????
- Some answers are provided at:
- Has a link to an FAQ with a lot of answers
- Has a link to the tech newsletter
- Has a link to the upgrades and software installation by the software TA

? ? ? ? ?