The AFS File System

In order to allow home directories to be available on multiple computers, some sort of network file system must be used. The home directories are actually stored on one "sever computer." Other computers communicate with this sever computer to allow users to access their home directories. Whenever a network file system is used in this way, some care must be taken to make sure that users can only access their own files. Since 2004, the math/cs computer network has used AFS, a very secure network file system that makes it possibly to safely access home directories from any computer that knows how to use AFS.

From the user's point of view, there are only a few differences between AFS and a typical Linux/Unix file system. One major change is that home directories now have names such as /afs/afs.hws.edu/home/username instead of /home/username. (/home/username will still work to refer to a user's home directory, but only because /home is a link into the /afs directory.)

Every home directory in AFS has a quota that specifies how much disk space can be used for that directory. To see information about your quota, change to your home directory and give the command "fs listquota" on the command line. (The disk allocation is specified in kilobytes.) The command can be abbreviated "fs lq".

AFS has a backup system that you might find useful if you accidently delete a file. Every morning, AFS creates a backup for all the files in your home directory. This backup can be found in your home directory in a directory named OldFiles. If you lose a file that was in your directory the previous day, you can find a copy of it in OldFiles. Note that the OldFiles directory is read-only. That is, you can see the files that it contains and you can copy files out of it, but you can't add files to it or modify the ones that are there. The backup only lasts for one day, until the next backup is made.

Access Control Lists

But perhaps the most significant difference is that AFS ignores most of the UNIX permission bits that are ordinarily used to control access to files. These bits are set with the chmod command and are displayed as strings such as "-rw-r--r--" in a directory listing produced with the "ls -l" command. (AFS does pay attention to the "x" permission on files, which tells whether or not the file is an executable program.)

Instead of UNIX permission bits, AFS uses access control lists (ACLs). ACLs are applied to a directory to say who can access the files in that directory and what they can do with those files. To see the ACLs on a particular directory, change to that directory and give the command "fs listacl". This command can be abbreviated "fs la".

For full information about ACLs, you can check out the following link at Carnegie Mellon University, where AFS was originally developed: https://computing.cs.cmu.edu/help-support/afs-acls.html.