welcome: please sign in

The following 213 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
access   accessible   add   added   again   aklog   all   allow   also   an   And   and   any   anyuser   are   as   Assignment   assignment   at   authenticate   aware   Be   be   because   both   breaking   By   by   can   Category   causes   Change   check   checking   Checking   clear   command   commands   common   completely   contains   Contents   contents   Coop   daemon   data   default   depth   directory   displaying   displays   do   documents   doesn   doing   Dom   domain   domtool   Domtool   don   effect   encountering   error   every   examples   expired   files   First   following   For   for   fs   fsr   full   give   given   go   good   grants   have   hcoop   home   how   html   http   if   If   in   In   indicated   instance   Instead   Introduction   is   it   It   its   just   Kerberos   kinit   like   line   lines   list   listacl   Ls   make   Making   Manual   may   Member   messages   mkdir   must   need   net   not   Note   Now   Of   of   on   One   only   option   or   Otherwise   own   page   part   permission   permissions   personal   possible   previously   principal   privacy   private   problems   public   read   Recursive   recursive   recursively   removed   returns   rights   rl   run   sa   same   screen   see   serve   Serving   set   setacl   sets   Setting   settings   simple   so   solve   some   specified   ssh   still   store   subdirectories   subdirectory   such   support   sure   system   Table   takes   that   The   the   then   there   Therefore   these   this   This   throughout   to   tokens   Tool   tree   up   use   user   username   using   valid   want   way   website   weird   what   when   whether   will   wish   with   within   without   works   write   You   you   your  

Clear message

MemberManual / GettingStarted / AfsExamples

This page contains some examples on how to solve common problems with AFS.


In these examples, <USERNAME> is your HCoop username.

Making a directory private

If you wish to make a directory within your $HOME completely private so that only you can list, read, and write, do this:

mkdir ~/private
fs setacl -clear ~/private <USERNAME> all

And then use ~/private/ for your personal data store.

Note that the -clear option causes any previously set ACLs to be removed. The <USERNAME> all part sets full access to the directory's contents to the specified user. Therefore, if you have a directory (indicated by <DIRECTORY>) in your home directory that you wish to make only accessible to you (such as ~/.ssh or ~/documents), use:

fs setacl -clear ~/<DIRECTORY> <USERNAME> all

You may also recursively set ACLs throughout a tree by using fsr. It takes the same commands as fs.

Serving a website with added privacy

If you use domtool to set up your domain, there is a way to allow system:anyuser only to list the contents of public_html without breaking your website(s). By default ACLs R and L are given. Change that in this way:

fs setacl ~/public_html system:anyuser l

Now, add all permissions for the USERNAME.daemon principal:

fs setacl ~/public_html <USERNAME>.daemon read

Be aware that this only works if you use your own domain -- if you use http://hcoop.net/~USERNAME/ to serve your files, then you must be sure that system:anyuser can read ~/public_html and its subdirectories (have permission "rl" and not just "l").

Setting the rights permissions on your ~/.domtool directory

First, check to see what the permissions are like on the ~/.domtool directory:

fs listacl ~/.domtool

If you see the line system:anyuser rl, then you are good to go, because any user can read your DomTool settings.

Otherwise, if you see the line domtool rl, then you are also OK. If you don't see these ACL lines, then you will want to run the following command to give the Domtool user read permissions on your ~/.domtool directory.

fs setacl ~/.domtool domtool read

Checking to see whether your tokens have expired

If you are encountering weird problems, then it is possible that your Kerberos tokens have expired. One simple way of checking this is to run:


If it returns without displaying any messages to the screen, you still have valid tokens. If it displays an error, when you will need to authenticate to both Kerberos and AFS again by doing:


Recursive Assignment

The fs command doesn't support recursive assignment. Instead, use fsr for that effect. For instance, fsr sa DIR user all grants all rights to user in every subdirectory (at any depth) of DIR.


MemberManual/GettingStarted/AfsExamples (last edited 2013-01-13 17:56:00 by ClintonEbadi)