AFS Administration Guide

Version 3.6

This edition applies to:
IBM AFS for AIX, Version 3.6
IBM AFS for Digital Unix, Version 3.6
IBM AFS for HP-UX, Version 3.6
IBM AFS for Linux, Version 3.6
IBM AFS for SGI IRIX, Version 3.6
IBM AFS for Solaris, Version 3.6

and to all subsequent releases and modifications until otherwise indicated in new editions.

This softcopy version is based on the printed edition of this book. Some formatting amendments have been made to make this information more suitable for softcopy.


Table of Contents
About This Guide
Audience and Purpose
Document Organization
How to Use This Document
Related Documents
Typographical Conventions

I. Concepts and Configuration Issues
1. An Overview of AFS Administration
A Broad Overview of AFS
More Detailed Discussions of Some Basic Concepts
AFS Server Processes and the Cache Manager

2. Issues in Cell Configuration and Administration
Differences between AFS and UNIX: A Summary
Choosing a Cell Name
Participating in the AFS Global Namespace
Configuring Your AFS Filespace
Creating Volumes to Simplify Administration
Configuring Server Machines
Configuring Client Machines
Configuring AFS User Accounts
Using AFS Protection Groups
Login and Authentication in AFS
Security and Authorization in AFS
Backing Up AFS Data
Using UNIX Remote Services in the AFS Environment
Accessing AFS through NFS


II. Managing File Server Machines
3. Administering Server Machines
Summary of Instructions
Local Disk Files on a Server Machine
The Four Roles for File Server Machines
Administering Database Server Machines
Installing Server Process Software
Maintaining the Server CellServDB File
Managing Authentication and Authorization Requirements
Adding or Removing Disks and Partitions
Managing Server IP Addresses and VLDB Server Entries
Rebooting a Server Machine

4. Monitoring and Controlling Server Processes
Summary of Instructions
Brief Descriptions of the AFS Server Processes
Controlling and Checking Process Status
Displaying Process Status and Information from the BosConfig File
Creating and Removing Processes
Stopping and Starting Processes Permanently
Stopping and Starting Processes Temporarily
Stopping and Immediately Restarting Processes
Setting the BOS Server's Restart Times
Displaying Server Process Log Files

5. Managing Volumes
Summary of Instructions
About Volumes
Creating Read/write Volumes
About Clones and Cloning
Replicating Volumes (Creating Read-only Volumes)
Creating Backup Volumes
Mounting Volumes
Displaying Information About Volumes
Moving Volumes
Synchronizing the VLDB and Volume Headers
Salvaging Volumes
Setting and Displaying Volume Quota and Current Size
Removing Volumes and their Mount Points
Dumping and Restoring Volumes
Renaming Volumes
Unlocking and Locking VLDB Entries

6. Configuring the AFS Backup System
Summary of Instructions
Introduction to Backup System Features
Overview of Backup System Configuration
Configuring the tapeconfig File
Granting Administrative Privilege to Backup Operators
Configuring Tape Coordinator Machines and Tape Devices
Defining and Displaying Volume Sets and Volume Entries
Defining and Displaying the Dump Hierarchy
Writing and Reading Tape Labels
Automating and Increasing the Efficiency of the Backup Process

7. Backing Up and Restoring AFS Data
Summary of Instructions
Using the Backup System's Interfaces
Backing Up Data
Displaying Backup Dump Records
Restoring and Recovering Data
Maintaining the Backup Database

8. Monitoring and Auditing AFS Performance
Summary of Instructions
Using the scout Program
Using the fstrace Command Suite
Using the afsmonitor Program
Configuring the afsmonitor Program
Writing afsmonitor Statistics to a File
To start the afsmonitor Program
To stop the afsmonitor program
The xstat Data Collection Facility
Auditing AFS Events on AIX File Servers

9. Managing Server Encryption Keys
Summary of Instructions
About Server Encryption Keys
Displaying Server Encryption Keys
Adding Server Encryption Keys
Removing Server Encryption Keys
Handling Server Encryption Key Emergencies


III. Managing Client Machines
10. Administering Client Machines and the Cache Manager
Summary of Instructions
Overview of Cache Manager Customization
Configuration and Cache-Related Files on the Local Disk
Determining the Cache Type, Size, and Location
Setting Other Cache Parameters with the afsd program
Maintaining Knowledge of Database Server Machines
Determining if a Client Can Run Setuid Programs
Setting the File Server Probe Interval
Setting a Client Machine's Cell Membership
Forcing the Update of Cached Data
Maintaining Server Preference Ranks
Managing Multihomed Client Machines
Controlling the Display of Warning and Informational Messages
Displaying and Setting the System Type Name
Enabling Asynchronous Writes

11. Configuring Client Machines with the package Program
Summary of Instructions
Using the package Program
Package Overview
The package Directory Structure
Example Prototype and Library Files
Package Configuration File Instruction Syntax
Constructing Prototype and Library Files
The Package Makefile File
Modifying the Makefile
Compiling Prototype Files
Modifying Client Machines
Running the package program


IV. Managing Users and Groups
12. Creating and Deleting User Accounts with the uss Command Suite
Summary of Instructions
Overview of the uss Command Suite
Creating Local Password File Entries with uss
Converting Existing UNIX Accounts with uss
Constructing a uss Template File
Creating Individual Accounts with the uss add Command
Deleting Individual Accounts with the uss delete Command
Creating and Deleting Multiple Accounts with the uss bulk Command

13. Administering User Accounts
Summary of Instructions
The Components of an AFS User Account
Creating Local Password File Entries
Converting Existing UNIX Accounts
Creating AFS User Accounts
Improving Password and Authentication Security
Changing AFS Passwords
Displaying and Setting the Quota on User Volumes
Changing Usernames
Removing a User Account

14. Administering the Protection Database
Summary of Instructions
About the Protection Database
Displaying Information from the Protection Database
Creating User and Machine Entries
Creating Groups
Adding and Removing Group Members
Deleting Protection Database Entries
Changing a Group's Owner
Changing a Protection Database Entry's Name
Setting Group-Creation Quota
Setting the Privacy Flags on Database Entries
Displaying and Setting the AFS UID and GID Counters

15. Managing Access Control Lists
Summary of Instructions
Protecting Data in AFS
Displaying ACLs
Setting ACL Entries
Completely Replacing an ACL
Copying ACLs Between Directories
Removing Obsolete AFS IDs from ACLs
How AFS Interprets the UNIX Mode Bits

16. Managing Administrative Privilege
Summary of Instructions
An Overview of Administrative Privilege
Administering the system:administrators Group
Granting Privilege for kas Commands: the ADMIN Flag
Administering the UserList File


A. Managing the NFS/AFS Translator
Summary of Instructions
Overview
Enabling Unauthenticated or Authenticated AFS Access
Setting the AFSSERVER and AFSCONF Environment Variables
Delayed Writes for Files Saved on NFS Client Machines

Configuring NFS/AFS Translator Machines
Loading NFS and AFS Kernel Extensions
Configuring the Translator Machine to Accept AFS Commands
Controlling Optional Translator Features
To configure an NFS/AFS translator machine
To disable or enable Translator functionality, or set optional features

Configuring NFS Client Machines
To configure an NFS client machine to access AFS

Configuring User Accounts
To configure a user account for issuing AFS commands

Authenticating on Unsupported NFS Client Machines
To authenticate using the knfs command
To display tokens using the knfs command
To discard tokens using the knfs command


B. Using AFS Commands
AFS Command Syntax
Command Names
Options
Arguments
Flags
An Example Command
Rules for Entering AFS Commands
Rules for Using Abbreviations and Aliases
Displaying Online Help for AFS Commands


C. The afsmonitor Program Statistics
The Cache Manager Statistics
Performance Statistics Section (PerfStats_section)
Server Up/Down Statistics Section (Server_UpDown_section)
RPC Operation Measurements Section (RPCop_section)
Authentication and Replicated File Access Section (Auth_Access_section)

The File Server Statistics
Performance Statistics Section (PerfStats_section)
RPC Operations Section (RPCop_section)


D. AIX Audit Events
Introduction
Audit-Specific Events
Volume Server Events
Backup Server Events
Protection Server Events
Authentication Events
File Server and Cache Manager Interface Events
BOS Server Events
Volume Location Server Events

Index

List of Tables
1. Suggested volume prefixes
2. Example volume-prefixing scheme
3. Source for values of uss template variables
4. Command-line argument sources for uss template variables

List of Figures
1. File Sharing Between the Read/write Source and a Clone Volume
2. First example scout display
3. Second example scout display
4. Third example scout display
5. Fourth example scout display
6. The afsmonitor System Overview Screen
7. The afsmonitor File Servers Screen
8. The afsmonitor File Servers Screen Shifted One Page to the Right
9. The afsmonitor Cache Managers Screen