welcome: please sign in

Diff for "MemberManual/GettingStarted/AfsExamples"

Differences between revisions 11 and 21 (spanning 10 versions)
Revision 11 as of 2007-11-17 16:19:10
Size: 2728
Editor: AdamChlipala
Comment: No more domtool.deleuze
Revision 21 as of 2011-04-22 16:41:57
Size: 72
Editor: 188
Comment: Superior thinking dmneostrated above. Thanks!
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
#pragma section-numbers off

This page contains some examples on how to solve common problems with AFS.

[[TableOfContents]]

= Introduction =

In these examples, '''<USERNAME>''' is your HCoop username.

= Making a directory private =

If you wish to make a directory within your $HOME completely private so that only you can list, read, and write, do this:

{{{
mkdir ~/private
fs setacl -clear ~/private <USERNAME> all
}}}

Note that the {{{-clear}}} option causes any previously set ACLs to be removed. The '''<USERNAME> all''' part sets full access to the directory's contents to the specified user. Therefore, if you have a directory (indicated by '''<DIRECTORY>''') in your home directory that you wish to make only accessible to you (such as {{{~/.ssh}}} or {{{~/documents}}}), use:

{{{
fs setacl -clear ~/<DIRECTORY> <USERNAME> all
}}}

You may also recursively set ACLs throughout a tree by using '''fsr'''. It takes the same commands as '''fs'''.

= Serving a website with added privacy =

If you use domtool to set up your domain, there is a way to allow {{{system:anyuser}}} only to list the contents of public_html without breaking your website(s). By default ACLs '''R''' and '''L''' are given. Change that in this way:

{{{
fs setacl ~/public_html system:anyuser l
}}}

Now, add all permissions for the ''USER.daemon'' principle:

{{{
fs setacl ~/public_html <USERNAME>.daemon all
}}}

Be aware that this only works if you use your own domain -- if you use {{{http://deleuze.hcoop.net/~USERNAME}}} to serve your files, then you '''must''' be sure that {{{system:anyuser}}} can read {{{~/public_html}}} and its subdirectories.

= Setting the rights permissions on your ~/.domtool directory =

First, check to see what the permissions are like on the {{{~/.domtool}}} directory:

{{{
fs listacl ~/.domtool
}}}

If you see the line '''system:anyuser rl''', then you are good to go, because any user can read your DomTool settings.

Otherwise, if you see the line '''domtool rl''', then you are also OK. If you don't see these ACL lines, then you will want to run the following command to give the Domtool user read permissions on your {{{~/.domtool}}} directory.

{{{
fs setacl ~/.domtool domtool read
}}}

= Checking to see whether your tokens have expired =

If you are encountering weird problems, then it is possible that your Kerberos tokens have expired. One simple way of checking this is to run:

{{{
aklog
}}}

If it returns without displaying any messages to the screen, you still have valid tokens. If it displays an error, when you will need to authenticate to both Kerberos and AFS again by doing:

{{{
kinit
aklog
}}}
Superior thinking dmneostrated above. Thanks!
----
CategoryNeedsWork

Superior thinking dmneostrated above. Thanks!


CategoryNeedsWork

MemberManual/GettingStarted/AfsExamples (last edited 2013-01-13 17:56:00 by ClintonEbadi)