This page contains some examples on how to solve common problems with AFS.
Making a directory private
If you wish to make a directory within your $HOME completely private so that only you can list, read, and write, do this:
mkdir ~/private fs setacl -clear ~/private <USERNAME> all
Note that the -clear option causes any previously set ACLs to be removed. The <USERNAME> all part sets full access to the directory's contents to the specified user. Therefore, if you have a directory in your home directory that you wish to make only accessible to you (such as ~/.ssh or ~/documents), use:
fs setacl -clear ~/<DIRECTORY> <USERNAME> all
There is also a way to recursively set ACLs throughout a tree by using fsr. It takes the same commands as fs.
Serving a website with added privacy
If you use domtool to set up your domain, there is a way to allow system:anyuser only to list the contents of public_html without breaking your website(s). By default ACLs R and L are given. Change that in this way:
fs setacl ~/public_html system:anyuser l
Now, add all permissions for the USER.daemon principle:
fs setacl ~/public_html <USERNAME>.daemon all
Be aware that this only works if you use your own domain -- if you use http://deleuze.hcoop.net/~USERNAME to serve your files, then you must be sure that system:anyuser can read ~/public_html and its subdirectories.
Setting the rights permissions on your ~/.domtool directory
fs setacl ~/.domtool domtool read fs setacl ~/.domtool domtool.deleuze read
Checking to see whether your tokens have expired
If you are encountering weird problems, then it is possible that your Kerberos tokens have expired. One simple way of checking this is to run:
aklog
If it returns without displaying any messages to the screen, you still have valid tokens. If it displays an error, when you will need to authenticate to both Kerberos and AFS again by doing:
kinit aklog