welcome: please sign in

Revision 5 as of 2007-10-25 03:59:34

Clear message
Edit

MemberManual / GettingStarted

This is the chapter of the MemberManual that describes things that new and current members must know about HCoop's setup. It is considered required reading before contacting HCoop administrators or filing support requests.

TableOfContents

AFS: A distributed filesystem

HCoop now uses [http://www.openafs.org/ AFS], a distributed filesystem, to implement much of our infrastucture. Home directories and email are stored in AFS. AFS allows for fine-grained access control, and the ability to access your files from any machine that has an AFS/Kerberos client.

Permissions in AFS are a bit different than standard UNIX file permissions. Basically, the group of a file, and the standard read/write/execute permissions do not matter at all. In place of these, there is an access control list (called an ACL) for each directory, which is a listing of a role or person, and the permissions that they have. An AFS ACL uses seven types of permissions: r (read), l (lookup), i (insert), d (delete), w (write), k (lock), and a (administer). "Read" and "write" are the same as their UNIX equivalents, and "lookup" is similar to the "execute" permission in UNIX -- it permits the files contained in the directory to be accessed. For further information on AFS permissions, [http://www.openafs.org/pages/doc/UserGuide/auusg007.htm#HDRWQ46 the relevant section of the AFS User Guide] may be consulted.

When a new directory is created inside $HOME, its ACL defaults to allow listing by any authenticated party on HCoop. Individual files do not have ACLs; instead, files inherit the ACL of the directory they are in.

If you wish to view the ACLs on a specific directory, such as any you have just applied an ACL, use:

fs listacl <DIRECTORY>

Please continue on to the [:/AfsExamples:AFS examples] page for some annotated examples on how to set AFS permissions.

Kerberos: An authentication mechanism

SSH access to our system, as well as authentication to most of our webservers, is managed by Kerberos. You get a token automatically whenever you log in. Tokens can expire in less than a day. If the token expires, you may renew it by running

kinit

and typing your password.

Kerberos and AFS work together. So if your token expires, so will your access to AFS. To get AFS access back after renewing your token with kinit, be sure to type

aklog

Domtool: Manage domain-specific DNS/email/web

We use Domtool to manage all aspects of the Internet domains that our members own. Domtool allows us to easily share services with many people, and to ensure some level of correctness for things like making changes to your Apache configuration for your website. You may perhaps be familiar with Domtool version 1, which was used on our old setup. What we currently use is Domtool version 2, which is a complete rewrite. We maintain Domtool in-house.

Domtool facilitates DNS, email, and web serving, provided that you have a domain.

Please consult [:DomTool/UserGuide:The Domtool User Guide] at this point, so you can get an idea of what Domtool configuration files look like. When you are ready to set up your domain, [:DomTool/Examples:the examples on this page] should prove helpful.

Bugzilla: Get help from the admins

"Bugzilla" is the name of the bug-tracking softwarea which we use to keep track of support requests. You should use this to report any problems with the setup of the machines. Bugzilla allows the administrators to figure out who is working on a particular problem. It sends you email whenever the admins do work on problems that you report, and indicates the current status of the problem whenever the status changes.

Our Bugzilla instance is at [https://bugzilla.hcoop.net/]. Take a minute to acclimate yourself with interface. Actions like searching through existing issues and reporting new issues (where "issues" is the same as "bugs", for us) are located near the bottom of the screen. Be sure to specify the "Component" where the problem lies when submitting a new report. This allows us to assign the right person to look at the problem.

Portal