Techy Information Anandha Gopalan September 13, 2006.


1 Techy Information Anandha Gopalan September 13, 2006

2 Outline
- AFS overview
- Departmental software
- Departmental machines
- The ticket system
- Help !!!

3 AFS overview
- What is AFS?
  - Andrew File System
  - 1984 - Developed at CMU as part of Project Andrew
  - 1989 - Transarc Corporation founded to commercialize AFS
  - 1998 - Transarc acquired by IBM
  - 2000 - IBM releases OpenAFS under the IBM Public License (IPL)

4 Why AFS?
- Security: authentication via Kerberos 4
- Fine-grained control over file permissions
  - Can give individual users access to files and directories
- Accessible via both UNIX and Windows
- More information about clients:
  - http://www.openafs.org/

5 AFS permissions
- Access Control Lists (ACLs) grant permissions on a per-user and per-group basis. Each directory has an ACL that controls the directory and the files in it
- There are seven permissions that may be granted, to either groups of users or individuals
  - System-defined groups exist, but you can define your own groups
  - ACLs are always applied to directories rather than to individual files
- Files are governed by the ACL on their directory
  - If you change the ACL on a directory, access to all of its files changes
  - Subdirectories inherit the ACLs of their parent directory

6 AFS permissions
- AFS ACLs work in conjunction with the standard Unix "owner" permissions. Only the owner permissions have an effect on AFS file access
  - Unix permissions for "group" and "other" do not affect AFS file access.
  - A user with appropriate AFS permissions can:
    - read a file only if the UNIX "owner read" mode is set.
    - write to a file only if the UNIX owner "read" and "write" modes are set.
    - execute a file only if the UNIX owner "read" and "execute" modes are set.

7 AFS permissions
- Lookup: l, allows a user to list the contents of the AFS directory, examine the ACL associated with the directory and access subdirectories.
- Insert: i, allows a user to add new files or subdirectories to the directory.
- Delete: d, allows a user to remove files and subdirectories from the directory.
- Administer: a, allows a user to change the ACL for the directory. Users always have this right on their home directory, even if they accidentally remove themselves from the ACL.
- Read: r, allows a user to look at the contents of files in a directory and list files in subdirectories.
- Write: w, allows a user to modify files in a directory.
- Lock: k, allows the processor to run programs that need to "flock" files in the directory.

8 AFS permissions
- System groups in AFS
  - system:anyuser
    - Any user in the world who can gain access to your cell. This is a very broad group, and caution should always be used when granting any access to this group
  - system:authuser
    - Everyone who is currently authenticated in your cell
  - system:administrators
    - A few users in the cell who have been designated as AFS system administrators

9 AFS pitfalls
- I have -rw------- on my file, but it can still be read by others
  - Check the directory permissions
  - AFS works at the directory level, UNIX permissions are ignored
  - For a file to be executable, it still needs to have the correct UNIX permissions !!!

10 AFS pitfalls
- How do I check if I have safe permissions?
  - /usr/local/bin/checkafsperms directory
    - This checks the permission on a directory
  - /usr/local/bin/checkafshier directory
    - This checks the permission on a directory hierarchy
  - These commands only work on Linux
  - These commands report if any directory has permissions: i,d,w,k,a
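The same kind of check can be run over the output of `fs listacl`. The script below is an added example, not the department's checkafsperms or checkafshier (the slides do not show how those work): it flags any normal-rights ACL entry that grants i, d, w, k or a. The function names, the sample cell path, and the choice to exempt the directory owner and system:administrators are assumptions.

```shell
#!/bin/sh
# Added example: flag risky AFS ACL entries found in `fs listacl` output.

# audit_acl OWNER
# Reads `fs listacl` output on stdin and prints "directory principal rights"
# for each Normal-rights entry granting any of i, d, w, k, a to a principal
# other than OWNER or system:administrators (exemption is an assumption).
audit_acl() {
    awk -v owner="$1" '
        /^Access list for / {
            dir = $0
            sub(/^Access list for /, "", dir)
            sub(/ is$/, "", dir)
            section = ""
            next
        }
        /^Normal rights:/   { section = "normal"; next }
        /^Negative rights:/ { section = "negative"; next }  # denials, not grants
        section == "normal" && NF == 2 {
            if ($1 == owner || $1 == "system:administrators") next
            if ($2 ~ /[idwka]/) print dir, $1, $2
        }
    '
}

# Constructed sample in the format `fs listacl` prints (hypothetical cell,
# directories and users).
sample_acls() {
    cat <<'EOF'
Access list for /afs/example.edu/usr/nemo/public is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  nemo rlidwka

Access list for /afs/example.edu/usr/nemo/shared is
Normal rights:
  system:authuser rlidwk
  system:anyuser rl
  nemo rlidwka
Negative rights:
  mallory rlidwka
EOF
}

# On a live tree: find . -type d -exec fs listacl {} \; | audit_acl nemo
sample_acls | audit_acl nemo
```

The read-and-lookup-only grant on public passes; the shared directory is reported because every authenticated user in the cell can insert, delete, write and lock there.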

11 AFS pitfalls
- 2 GB file size limitation
  - Though you don't really need this
- Tokens expire after 24 hours
  - A klog will get you new tokens
  - tokens will show available tokens
  - Use reauth to run programs > 24 hours
- Cannot set recursive permissions
  - Workaround available
  - To give all permissions to user nemo recursively:
    $ find . -type d -exec fs sa {} nemo all \;

12 AFS directory setup
- public
  - Directory that can be read and listed by all
  - Contains a directory html under which users can create their web pages etc...
- private
  - Accessible only by the user
- Backup
  - Link in the home directory which contains the backup that is a day old
  - For older backups, ask tech

13 Special AFS user agents
- mailserver
  - Any process using the mail server has this username
  - Can be used for spam filtering using SpamAssassin
- webserver
  - Any process using the http protocol
  - Can be used for providing correct access to user web pages, cgi programs etc…

14 Department software
- Information about new software installed on Linux/Solaris can be found at: http://www.cs.pitt.edu/~tech/software
- /usr/local/contrib contains software that is used by a small number of people; it's either something new or experimental
  - You can contribute by installing s/w in this directory (ask tech about it)
- /usr/local contains software that is needed and used by the majority of people in the department

15 Departmental machines
- The Linux machines
  - Can be accessed as: linux.cs.pitt.edu or elements.cs.pitt.edu
    - Some machines are: arsenic, antimony, oxygen, hydrogen, nitrogen, selenium
- Solaris 9 machines
  - Can be accessed as: blitz.cs.pitt.edu and javalab.cs.pitt.edu (need to use your pitt account for javalab.cs.pitt.edu)

16 The ticket system
- Any email sent to tech@cs.pitt.edu is logged into the ticket system
  - Issues a ticket number that is used to keep track of this ticket
  - Rather than sending an email, visit: http://ticket.cs.pitt.edu and log in with your AFS username and password
    - Helps in keeping track of your tickets
- Be clear when you ask for something
  - If necessary, mention your machine name, OS, room number. Trust me, it helps

17 HELP !!!
- In case you are wondering:
  - How on this blue-green planet do I do this ?????
- Some answers are provided at: http://www.cs.pitt.edu/~tech
  - Has a link to an FAQ with a lot of answers
  - Has a link to the tech newsletter
  - Has a link to the upgrades and software installation by the software TA

18 ? ? ? ? ?

