AFS


The Andrew File System is used by Duke to deal with all accounts and files on the acpub system except for a few limited situations. It works well for what it does, and even allows Duke to access the computer archives of many other universities on the AFS system. It does, however, take some getting used to.

More information

Duke AFS FAQ
http://www.duke.edu/~mrg/afs-faq.txt
/usr/local/doc/afs-faq
This is the Frequently Asked Questions (and answers) provided by Duke about the AFS. The file location above is where Duke keeps the most recent copy of the file.
UC Office of College Computing
http://www.eng.uc.edu/occ/help/unix/filesystems/afs/
UC's pages on AFS - excellent information.
The Andrew File System
http://niels.che.chalmers.se/inst/phc/GU/CompRes/AFS.html
This page goes into more commands than you will most likely need.

You will really only need to know a few of the commands unless you are planning some pretty complex file security and maintenance. Items in square brackets [] are optional, while items in angle brackets <> are descriptions of what should be placed there. The 'fs' commands are file server commands, while the 'pts' commands are protection and security commands.

fs help [-topic < help string >+] [-help ]
The help command will give syntax and a description of the topic specified. Without any string, this command will list the possible commands.
fs listacl [-path < dir/file path >+] [-id ] [-if ] [-help ]
The listacl command will show you the access listing for a directory. If you do not specify a path, the listing will be for the current directory. The path can be in either relative (using . and ..) or absolute (the whole /afs/acpub.duke.edu...) terms. The -help tag will show you the above syntax listing. Do not worry about the -id or -if tags (i.e. I couldn't figure out what they mean).
fs setacl -dir < directory >+ -acl < access list entries >+ [-clear ] [-negative ] [-id ] [-if ] [-help ]
The setacl command will let you set the access permissions for an individual or a group (more about groups below). Be very careful in using this command, as you can actually lock yourself out of your own directory through misuse! Specifically, avoid using the -clear flag unless you really know what you are doing.
-dir < directory >
This flag says what directory is having its permissions changed. You cannot change specific file permissions, only directories under the afs system.
-acl < access list entries >
This group contains both the name of the individual or group to whom you are giving access and the access code group. There are seven types of access:
  • r - read files in the directory (actually look at a file)
  • l - look up directory information (see what files exist)
  • i - add files to a directory (create a whole new file)
  • d - delete files from a directory
  • w - write files to a directory (edit an existing file)
  • k - lock files in a directory (keep others out while working with a file)
  • a - administer the security of a directory
A typical access list entry would be -acl mrg rlidwka
-clear
This will clear all permissions for a particular group. This is only used with a concurrent command to give someone access. If you -clear a directory without simultaneously giving someone access to it, then that directory is locked from everyone.
-negative
This flag can keep certain people out. For instance, if someone has been messing with your account or you just want to keep one group out of a particular directory, you can assign negative permissions. This is not used that often.
-help
This flag will show you the syntax listing given above.
pts creategroup -name < group name >+ [-help ]
The creategroup command will allow the user to set up an entire group of people with the same access permissions. This is especially useful for rotating memberships or just keeping order within the access lists. While there are several flags for this command, the most important are listed below.
-name < group name >+
This is the name of the group you are creating. It must be in the form userid:name. For instance, if I were to create a group for this class, I could name it mrg:ME165.
-help
This flag will give the full syntax listing for the creategroup command.
pts adduser -user < user name >+ -group < group name >+ [-help ]
The adduser command allows you to add a user to a predefined group. The flags are self-evident.
pts removeuser -user < user name >+ -group < group name >+ [-help ]
The removeuser command will take a user out of a group.
pts delete -nameorid < group name >+ [-help ]
The delete command will delete a previously defined group. An odd occurrence, however, is that the user id number of the group (generally a negative number) will retain the rights that the group had prior to being deleted. It is better to eliminate the rights of a group first and then to delete it.
pts listowned -nameorid < user name >+
The listowned command will list all the group names owned by the specified user.
pts membership -nameorid < group name >+
The membership command will list the members of the specified group.
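
An added example, not part of the original page: a shell function that reads the output of fs listacl and flags the situations described above, namely rights left behind under a numeric id after a group was deleted, negative rights, and anyone other than the owner holding the a right. The sample listing, the id -207, the user jdoe and the function names are constructed for illustration; system:anyuser and system:administrators are standard AFS groups that the page does not mention.

```shell
#!/bin/sh
# Added example: audit `fs listacl` output for risky ACL entries.
# Against a real cell: fs listacl -path DIR | audit_acl "$USER"

# audit_acl OWNER: reads an fs listacl listing on stdin and prints one
# finding per line:
#   ORPHAN   bare numeric id (a deleted group whose rights were never removed)
#   NEGATIVE entry in the "Negative rights:" section
#   WORLD    system:anyuser holding more than lookup (l)
#   ADMIN    someone other than OWNER holding the administer (a) right
audit_acl() {
    awk -v owner="$1" '
        /^Normal rights:/   { neg = 0; next }
        /^Negative rights:/ { neg = 1; next }
        NF != 2             { next }   # skips the "Access list for ... is" header
        {
            name = $1; rights = $2
            if (name ~ /^-?[0-9]+$/) {
                print "ORPHAN", name, rights
            } else if (neg) {
                print "NEGATIVE", name, rights
            } else if (name == "system:anyuser" && rights != "l") {
                print "WORLD", name, rights
            } else if (name != owner && index(rights, "a") > 0) {
                print "ADMIN", name, rights
            }
        }'
}

# Constructed sample listing (not captured from a real cell).
sample_listacl() {
    cat <<'EOF'
Access list for . is
Normal rights:
  mrg:ME165 rl
  system:administrators rlidwka
  system:anyuser rl
  mrg rlidwka
  -207 rlidwk
Negative rights:
  jdoe rl
EOF
}

sample_listacl | audit_acl mrg
```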

Last updated 9/1/97 by MRG II